MantisBT is a web based bug tracking system that was first made available to the public in November 2000. Over time it has matured and gained a lot of popularity, and now it has become one of the most popular open source bug/issue tracking systems. MantisBT is developed in PHP, with support to multiple database backends including MySQL, MS SQL and PostgreSQL.

MantisBT, as a PHP script, can run on any operating system that is supported by PHP and has support for one of the DBMSes that are supported. MantisBT is known to run fine on Windows, Linux, OS/2, Mac OS X, System i and a variety of Unix operating systems.

MantisBT is available in several Linux distributions including: Debian, Ubuntu, Fedora, Gentoo, Frugalware and others. Hence, if you are running Linux, start by checking if your distribution has a package for MantisBT. If not, or if the package is not up-to-date with the latest MantisBT version, then you may want to download it directly from here.

For Windows, Mac OS X and other operating systems, use the link provided above to download MantisBT. The download is compressed in tar.gz or zip format. Both formats can be unpacked using tools like 7-Zip (in case of Windows).

Note that at any point in time there are typically two "latest" MantisBT releases that are available for download. The latest production release (stable), and the latest development release which can be an alpha or a release candidate. It is not recommended to use development releases in production specially if it is still in the alpha stage unless the administrator is familiar with PHP and is able to troubleshoot and fix any issues that may arise.

When initially seeking to name this project Ken ran into a problem every programmer encounters. What is a good name? It has to be descriptive, unique, and not too verbose. Additionally having multiple meanings would be a nice touch. Quickly ruled out were php*Something* names which, incidentally, although popular, do not seem to be condoned by the PHP Group developers. Drawing inspiration from Open Source projects like Apache, Mozilla, Gnome, and so forth resulted in two eventual choices: Dragonfly and Mantis. Dragonfly was already the name of a webmail package. So the name became Mantis.

Praying Mantis are insects that feed primarily on other insects and bugs. They are extremely desirable in agriculture as they devour insects that feed on crops. They are also extremely elegant looking creatures. So, we have a name that is fairly distinctive and descriptive in multiple ways. The BT suffix stands for "Bug Tracker" and distinguishes this project from general usage of the word Mantis. However, over time the project was typically referred to as Mantis.

Kenzaburo Ito and a friend originally created a bug tracker as an internal tool for their pet project. A search for good, free packages came up with nothing suitable so they wrote their own. After a rewrite and cleanup it was made available to the public via the GNU General Public License (GPL). The GPL was chosen partly because of his belief that development tools should be cheap or free. In 2002, Ken was joined by Jeroen Latour, Victor Boctor and Julian Fitzell to be the administrators and the core development team of MantisBT. This marks a new era in MantisBT lifetime where it is now a team project.

There are plenty of resources to help answer support queries. Following are the main ones:

Forums - The forums are one of the most popular destinations for getting MantisBT support. Start off by searching the forums for your questions, if not found, then go ahead and submit a question.

Mailing lists - Several lists are available, each of them with its own, specific purpose. Note that posting messages is restricted to subscribers so you will have to register before you can send messages; however, there are public archives available if you're only interested in reading.

Gitter is a browser-based, on-line chat that has mainly replaced the team's use of IRC. In the main chat room, you can have a live discussion with the developers and other MantisBT users. Gitter supports all modern browsers and also offers Android and iOS-based clients, as well as an IRC bridge.

IRC - The IRC channel not very active anymore, as the developers have moved on to using Gitter for live discussions; nevertheless, the channel is still open. There are many free IRC clients: XChat (for Linux), HexChat, IceChat amongst others. You can also use Web Chat to connect to IRC via your web browser, which may also be useful when you're behind a firewall that blocks the IRC port. The IRC channel logs are archived and made available on the MantisBT web site.

Search - A good way for locating an answer to your question or finding more information about a topic is to search across all MantisBT website and the Internet via your favorite search engine, e.g. Google or Bing.

Note

Support questions should not be sent directly to MantisBT developers or through the MantisBT website's contact pages.

Also, our bug tracker is reserved for reporting issues with the software, and must not be used for support requests.

There are several ways to keep up to date with MantisBT news. These include:

We send release announcements and important updates to users registered on our official bugtracker. To get onto our mailing list, users will have to signup there and verify their email address. This same account can also be used to report, monitor, and comment on issues relating to MantisBT.

MantisBT Blog is used to communicate announcements about new releases, topics relating to MantisBT, etc. Users are encouraged to subscribe to the RSS feed to know when new posts are posted there.

Twitter is used to notify users about up-to-date details about what is happening with MantisBT development. Twitter users are encouraged to follow "@mantisbt".

MantisBT runs on Windows, MacOS, OS/2, Linux, Solaris, the BSDs, and just about anything that supports the required server software.

Web Server

MantisBT is mainly tested with Microsoft IIS and Apache. However, it is expected to work with any recent web server software.

File Extensions: MantisBT uses only .php files. If your webserver is configured for other extensions (e.g. .PHP3, .PHTML) then you will have to request the administrator to add support for .PHP files. This should be a trivial modification. Further details can be found in the PHP documentation

The web server must support PHP. It can be installed as CGI or any other integration technology.

PHP extensions

MantisBT is designed to work in as many environments as possible. Hence the required extensions are minimal and many of them are optional affecting only one feature.

Mandatory extensions

The extension for the RDBMS being used ( mysqli, pgsql, oci8, sqlsrv )

mbstring - Required for Unicode (UTF-8) support.

Fileinfo - Guesses the MIME type of attachments

Without this extension, file attachment previews and downloads do not work as MantisBT won't be able to send the Content-Type header to a browser requesting an attachment.

This extension is included by default from PHP version 5.3.x and above.

Optional extensions

Curl - required for the Twitter integration feature

GD - required for the captcha feature

Database

MantisBT requires a database to store its data. The supported RDBMS are:

MySQL (or one of its forks, e.g. MariaDB)

PostgreSQL

Experimental support is also available for

Microsoft SQL Server

Oracle

Experimental support means that manual intervention by a skilled Database Administrator may be required to complete the installation, and/or that there may be known issues or limitations when using the software. Please refer to our Issue tracker, filtering on categories db mssql and db oracle to find out more about those.

Note

Please note that the MantisBT development team mainly works with MySQL, so testing for other drivers is not as extensive as we mainly rely on community contributions to improve support and fix issues with other RDBMS.

Our minimum requirements are generally based on availability of support for the underlying software by their respective vendors. In some cases, we do require a specific version because we rely on a feature that is not available in older releases.

Warning

Running MantisBT with versions of the software components lower than the minimum requirements listed above is not supported.

This can be done using whatever method you like best (ftp, scp, etc). You will need to telnet/ssh into the server machine for the next steps.

Extract the release

It is highly recommended to maintain a separate directory for each release. This not only avoids mismatch between versions, (files may have been added or removed) but also provides an easy path to downgrade your installation, should you need to.

The usual command is (1 step):

tar -xzf filename.tar.gz

OR (2 steps):

gunzip filename.tar.gz
tar -xf filename.tar

Other file archiving tools such as 7-Zip should also be able to handle decompression of the archive.

The extraction process should create a new directory like mantisbt-1.3.x

Rename the directory

For new installations, you may want to rename the directory just created to something simpler, e.g. mantisbt

Once that is done, execute the installation script. From your web browser, access

http://yoursite/mantisbt/admin/install.php

The installation procedure will go through the following steps:

The script checks basic parameters for the web server

Provide required information for the installation

database type

database server hostname

user and password

Required privileges: SELECT, INSERT, UPDATE, and DELETE

high-privileged database account

Additional privileges required: INDEX, CREATE, ALTER, and DROP

If this account is not specified, the database user will be used.

Click the Install/Upgrade Database button

The script creates the database and tables.

The default Administrator user account is created at this stage, to allow the initial login and setup of MantisBT.

The script attempts to write a basic config_inc.php file to define the database connection parameters.

This operation may fail if the web server's user account does not have write permissions to the directory (which is recommended for obvious security reasons). In this case, you will have to manually create the file and copy/paste the contents from the page.

There are many settings that you can adjust to configure and customize MantisBT. Refer to Chapter 5, Configuration, as well as the config_defaults_inc.php file for in depth explanations of the available options. Check out also Chapter 7, Customizing MantisBT for further options to personalize your installation.

This step is normally only required for new installations, but when upgrading you may want to review and possibly customize any new configuration options.

Open or create the file config_inc.php in subfolder config in an editor and add or modify any values as required. These will override the default values.

You may want to use the provided config_inc.php.sample file as a starting point.

Warning

you should never edit the config_defaults_inc.php file directly, as it could cause issues with future upgrades. Always store your custom configuration in your own config_inc.php file.

Instructions in this section are common to both new installations and upgrades, and should be applied after completing either process.

Test your configuration

Load up admin/check/index.php to validate whether everything is setup correctly, and take corrective action as needed.

Delete the admin folder

Once you have confirmed that the install or upgrade process was successful, you should delete this directory

rm -r admin

For security reasons, the scripts within this directory should not be freely accessible on a live MantisBT site, particularly one which is accessible via the Internet, as they can allow unauthorized people (e.g. hackers) to gain technical knowledge about the system, as well as perform administrative tasks.

Instructions in this section should only be applied after upgrading an existing installation.

Test the new release

Perform any additional testing as appropriate to ensure the new version does not introduce any regressions.

Switch the site to the new version

The commands below should be executed from the web root (or wherever the mantisbt scripts are installed) and assume that the "live" directory (old version) is named mantisbt and the new release directory is mantisbt-1.3.x.

mv mantisbt mantisbt-old
mv mantisbt-1.3.x mantisbt

Put the site back on line

rm mantis_offline.php

This should be the final step in the upgrade process, as it will let users login again.

It is strongly recommended to backup your MantisBT database on a regular basis. The method to perform this operation depends on which RDBMS you use.

Backups are a complex subject, and the specificities of implementing and handling them for each RDBMS are beyond the scope of this document. For your convenience, the section below provides a simple method to backup MySQL databases.

You should also consider implementing backups of your MantisBT code (which includes your configs and possibly customization), as well as issue attachments (if stored on disk) and project documents.

Warning

You should always backup your system (code and database) before upgrading !

A good idea is to make a backup script and run it regularly through cron or a task scheduler (for Windows see WinCron ). Using the current date in the filename can prevent overwriting and make cataloguing easier.

In MantisBT, there is no limit on the number of user accounts that can be created. Typically, installations with thousands of users tend to have a limited number of users that have access level above REPORTER.

By default users with ADMINISTRATOR access level have access to create new user accounts. The steps to do that are:

If email notifications ($g_enable_email_notification) is set to ON, then the user will receive an email allowing them to activate their account and set their password. Otherwise, the account will be created with a blank password.

If email notifications ($g_enable_email_notification) is set to ON, users with access level about $g_notify_new_user_created_threshold_min will get a notification that a user account has been created. Information about the user like user name and email address are provided. The IP of the user that created the account is also included.

When the 'Protected' flag is set on a user account, it indicates that the account is a shared account (e.g. demo account) and hence users logged using such account will not be allowed to change account preferences and profile information.

The anonymous user account specified with the $g_anonymous_account option will always be treated as a protected user account. When you are creating the anonymous user account, the 'Protected' flag is essentially ignored because the anonymous user is always treated as a protected user.

The recommended way of retiring user accounts is to disable them. Scenarios where this is useful is when a person leaves the team and it is necessary to retire their account.

Once an account is disabled the following will be enforced:

All currently active sessions for the account will be invalidated (i.e. automatically logged out).

It will no longer be possible login using this account.

No further email notifications will be sent to the account once it is disabled.

The user account will not show anymore in lists like "assign to", "send reminder to", etc.

The disabling process is totally reversible. Hence, the account can be re-enabled and all the account history will remain intact. For example, the user will still have issues reported by them, assigned to them, monitored by them, etc.

Another way to retire user accounts is by deleting them. This approach is only recommended for accounts that have not been active (i.e. haven't reported issues). Once the account is deleted, any issues or actions associated with such account, will be associated with user123 (where 123 is the code of the account that was deleted). Note that associated issues or actions are not deleted.

As far as the underlying database, after the deletion of a user, records with the user id as a foreign key will have a value that no longer exists in the users table. Hence, any tools that operate directly on the database must take this into consideration.

By default administrators are the only users who can delete user accounts. They can delete accounts by clicking Manage, Manage Users, locating the user to be deleted and opening it details page, then clicking on the "Delete User" button which deletes the user.

Note that "Deleting Users" is not a reversible process. Hence, if it is required to re-add the user account, it is not possible to recreate the user account so that it gets the same ID and hence retains its history. However, manually creating a record in the users table with the same id, can possibly do that. However, this approach is not recommended or supported.

For open source and freeware projects, it is very common to setup MantisBT so that users can signup for an account and get a REPORTER access by default (configurable by the $g_default_new_account_access_level configuration option). The signup process can be enabled / disabled using the $g_allow_signup configuration option, which is enabled by default.

If user signup is enabled, then it is required that $g_send_reset_password is ON as well, and the e-mail settings properly configured (see Section 5.8, “Email”).

If email notifications ($g_enable_email_notification) is set to ON, users with access level about $g_notify_new_user_created_threshold_min will get a notification that a user account has been created. Information about the user like user name, email address, IP address are included in the email notification.

It is pretty common for users to forget their password. MantisBT provides two ways to handle such scenario: "Forgot Password" and "Reset Password".

"Forgot Password" is a self service scenario where users go to the login page, figure out they don't remember their password, and then click the "Lost your password?" link. Users are then asked for their user name and email address. If correct, then they are sent an email with a link which allows them to login to MantisBT and change their password.

"Reset Password" scenario is where a user reports to the administrator that they are not able to login into MantisBT anymore. This can be due to forgetting their password and possibly user name or email address that they used when signing up. The administrator then goes to Manage, Manage Users, locates the user account and opens its details. Under the user account details, there is a "Reset Password" button which the administrator can click to reset the password and trigger an email to the user to allow them to get into MantisBT and set their password. In the case where email notifications are disabled, resetting password will set the password to an empty string.

Administrators are able to impersonate users in order to reproduce an issue reported by a user, test their access making sure they can access the expected projects/issues/fields, or to create API tokens for service accounts that are used to grant other systems limited access to MantisBT.

Users are able to change their own passwords (unless their account is "protected"). This can be done by clicking on "My Account", and then typing the new password in the "Password" and "Confirm Password" fields, then clicking "Update User". Changing the password automatically invalidates all logged in sessions and hence the user will be required to re-login. Invalidating existing sessions is very useful in the case where a user going onto a computer, logs into MantisBT and leaves the computer without logging out. By changing the password from another computer, the session on the original computer automatically becomes invalidated.

The pruning function allows deleting of user accounts for accounts that have been created more than a week ago, and they never logged in. This is particularly useful for users who signed up with an invalid email or with a typo in their email address address.

The account pruning can be done by administrators by going to "Manage", "Manage Users", and clicking the "Prune Accounts" button inside the "Never Logged In" box.

MantisBT uses access levels to define what a user can do. Each user account has a global or default access level that is associated with it. This access level is used as the access level for such users for all actions associated with public projects as well as actions that are not related to a specific project. Users with global access level less than $g_private_project_threshold will not have access to private projects by default.

The default access levels shipped with MantisBT out of the box are VIEWER, REPORTER, UPDATER, DEVELOPER, MANAGER and ADMINISTRATOR. Each features has several configuration options associated with it and identifies the required access level to do certain actions. For example, viewing an issue, reporting an issue, updating an issue, adding a note, etc.

For example, in the case of reporting issues, the required access level is configurable using the $g_report_bug_threshold configuration option (which is defaulted to REPORTER). So for a user to be able to report an issue against a public project, the user must have a project-specific or a global access level that is greater than or equal to REPORTER. However, in the case of reporting an issue against a private project, the user must have project specific access level (that is explicitly granted against the project) that is higher than REPORTER or have a global access level that is higher than both $g_private_project_threshold and $g_report_bug_threshold.

Note that project specific access levels override the global access levels. For example, a user may have REPORTER as the global access level, but have a MANAGER access level to a specific project. Or a user may have MANAGER as the global access level by VIEWER access to a specific project. Access levels can be overridden for both public and private projects. However, overriding access level is not allowed for users with global access ADMINISTRATOR.

Each feature typically has multiple access control configuration options to define what access level can perform the operation. For example, adding a note may require REPORTER access level, updating it note may require DEVELOPER access level, unless the note was added by the same user.

Such threshold configuration options can be set to a single access level, which means users with such threshold and above are authorized to perform the action. The other option is to specify an array of access levels which indicates that users with the explicitly specific thresholds are allowed to execute the actions.

It is also worth mentioning that the access levels are defined by the $g_access_levels_enum_string configuration option, and it is possible to customize such list. The default value for the available access levels is '10:viewer, 25:reporter, 40:updater, 55:developer, 70:manager, 90:administrator'. The instructions about how to customize the list of access levels will be covered in the customization section.

If you are using a global user directory (LDAP, Active Directory), you may want to configure MantisBT so users who already exists in the directory will be automatically authenticated and added to MantisBT.

For example, a company may setup their MantisBT installation in a way, where its staff members that are already registered in their LDAP directory, should be allowed to login into MantisBT with the same user name and password. Another option could be if MantisBT is integrated into some content management system, where it is desired to have a single registration and single sign-on experience.

In such scenarios, once a user logs in for the first time, a user account is automatically created for them, although the password verification is still done against LDAP or the main users repository.

Users can fine tune the way MantisBT interacts with them by modifying their user preferences to override the defaults set by the administrator; If the administrator changes a default setting, it will not automatically cascade in the users' preferences once they have been set, so it is the users' responsibility to manage their own preferences.

The user preferences include the following:

Default Project: A user can choose the default project that is selected when the user first logs in. This can be a specific project or "All Projects". For users that only work on one project, it would make sense to set such project as the default project (rather than "All Projects"). The active project is part of the filter applied on the issues listed in the "View Issues" page. Also any newly reported issues will be associated with the active project.

Refresh Delay: The refresh delay is used to specify the number of seconds between auto-refreshes of the View Issues page.

Redirect Delay: The redirect delay is the number of seconds to wait after displaying flash messages like "Issue created successfully", and before the user gets redirected to the next page.

Notes Sort Order: The preference relating to how notes should be ordered when issue is viewed or in email notifications. Ascending order means that older notes are displayed first

Email on XXX: If unticked, then the notifications related to the corresponding event would be disabled. User can also specify the minimum issue severity of for the email to be sent.

Note that the preference is only used to disable notifications that as per the administrator's configuration, this user would have qualified to receive.

Email Notes Limit: This preference can be used to limit the number of issue notes to be included in a email notifications. Specifying N here will cause only the latest N to be included. The value 0 means that all notes will be included.

Language: The preferred language of the user. This language is used by the GUI and in email notifications. Note that MantisBT uses UTF8 for encoding the data, hence the user could for example use MantisBT with a Chinese interface, while logging issue data in German.

A user profile describes an environment that used to run the software for which issues are being tracked.

When reporting issues, users can elect to enter information like platform, operating system and version manually, or they can choose from a list of available profiles.

Each user has access to all the personal profiles they create, in addition to global ones; Profile data includes "Platform", "Operating System", "OS Version", and "Additional Description".

Global profiles are typically used by the administrator to define a set of standard system settings used in their environment, which saves users the trouble of having to define them individually. The access level required to manage global profiles is configured by the $g_manage_global_profile_threshold configuration option and defaults to MANAGER.

The life cycle of an issue starts with its creation. An issue can be created via one of the following channels:

MantisBT Web Interface - This is where a user logs into MantisBT and reports a new issue.

SOAP API - Where an application automatically reports an issue into MantisBT using the SOAP API web services interfaces. For example, the nightly build script can automatically report an issue if the build fails.

Email - This is not supported out of the box, but there are existing MantisBT patches that would listen to emails on pre-configured email addresses and adds them to the MantisBT database.

Others - There can be several other ways to report issues. For example, applications / scripts that directly injects issues into MantisBT database (not recommended, except for one-off migration scripts), or PHP scripts that use the core MantisBT API to create new issues.

An important part of issue tracking is to classify issues as per their status. Each team may decide to have a different set of categorization for the status of the issues, and hence, MantisBT provides the ability to customize the list of statuses. MantisBT assumes that an issue can be in one of three stages: opened, resolved and closed. Hence, the customized statuses list will be mapped to these three stages. For example, MantisBT comes out of the box with the following statuses: new, feedback, acknowledged, confirmed, assigned, resolved and closed. In this case "new" -> "assigned" map to opened, "resolved" means resolved and "closed" means closed.

Following is the explanation of what the standard statuses that are shipped with MantisBT means.

New - This is the landing status for new issues. Issues stay in this status until they are assigned, acknowledged, confirmed or resolved. The next status can be "acknowledged", "confirmed", "assigned" or "resolved".

Acknowledged - This status is used by the development team to reflect their agreement to the suggested feature request. Or to agree with what the reporter is suggesting in an issue report, although they didn't yet attempt to reproduce what the reporter is referring to. The next status is typically "assigned" or "confirmed".

Confirmed - This status is typically used by the development team to mention that they agree with what the reporter is suggesting in the issue and that they have confirmed and reproduced the issue. The next status is typically "assigned".

Assigned - This status is used to reflect that the issue has been assigned to one of the team members and that such team member is actively working on the issue. The next status is typically "resolved".

Resolved - This status is used to reflect that the issue has been resolved. An issue can be resolved with one of many resolutions (customizable). For example, an issue can be resolved as "fixed", "duplicate", "won't fix", "no change required", etc. The next statuses are typically "closed" or in case of the issue being re-opened, then it would be "feedback".

Closed - This status reflects that the issue is completely closed and no further actions are required on it. It also typically hides the issue from the View Issues page. Some teams use "closed" to reflect sign-off by the reporter and others use it to reflect the fact that the fix has been released to customers.

Now that we have covered how an issue gets created, and what are the different statuses during the life cycle of such issues, the next step is to define the workflow. The workflow dictates the valid transitions between statuses and the user access level required of the user who triggers such transitions; in other words, how issues move from one status to another and who is authorized to trigger such transitions.

By default, there is no workflow defined, which means that all states are accessible from any other, by anyone.

The "Manage > Manage Configuration > Workflow Transitions" page allows users with ADMINISTRATOR access level to do the following tasks:

Define the valid next statuses for each status.

Define the default next status for each status.

Define the minimum access level required for a user to transition to each status.

Define the default status for newly created issues.

Define the status at which the issue is considered resolved. Any issues a status code greater than or equal to the specified status will be considered resolved.

Define the status which is assigned to issues that are re-opened.

Define the required access level to change the workflow.

Note that the scope of the applied change is dependent on the selected project. If "All Projects" is selected, then the configuration is to be used as the default for all projects, unless overidden by a specific project. To configure for a specific project, switch to it via the combobox at the top right corner of the screen.

The Global ("All Projects") workflow can also be defined in the config_inc.php file, as per the following example.

The workflow needs to have a path from the statuses greater than or equal to the 'resolved' state back to the 'feedback' state (see $g_bug_resolved_status_threshold and $g_bug_feedback_status under Section 5.22, “Status Settings”), otherwise, the re-open operation won't work.

Note

The first item in each list denotes the default value for this status, which will be pre-selected in the Change Status combobox in the View Issues page.

The "Manage > Manage Configuration > Workflow Thresholds" page allows users with ADMINISTRATOR access level to define the thresholds required to do certain actions. Following is a list of such actions and what they mean:

Report an issue - The access levels that are allowed to report an issue.

Update an issue - The access levels that are allowed to update the header information of an issue.

Allow issue to be closed on resolved - The access levels that are allow to resolve and close an issue in one step.

Allow reporter to close issue - Indicates if reporters should be allowed to close issues reported by them.

Monitor an issue - The access levels required for a user to be able to monitor an issue. Once a user monitors an issue, the user will be included in all future email notifications relating to changes in the issue.

Handle an issue - The access levels required for a user to be shown in the list of users that can handle an issue.

Assign an issue - The access levels required for a user to be able to change the handler (i.e. assign / unassign) an issue.

Move an issue - The access levels required for a user to be able to move an issue from one project to another. (TODO: are these access levels evaluated against source or destination project?).

Delete an issue - The access levels required for a user to be able to delete an issue.

Reopen an issue - The access levels required for a user to be able to re-open a resolved or closed issue.

Allow Reporter to re-open Issue - Whether the reporter of an issue can re-open a resolved or closed issue, independent of their access level.

Status to which a reopened issue is set - This is the status to which an issue is set after it is re-opened.

Resolution to which a reopen issue is set - The resolution to set on issues that are reopened.

Status where an issue is considered resolved - The status at which an issue is considered resolved.

Status where an issue becomes readonly - Issues with such status and above are considered read-only. Read-only issues can only be modified by users with a configured access level. Read-only applies to the issue header information as well as other issue related information like relationships, attachments, notes, etc.

Update readonly issues - The access levels required for a user to be able to modify a readonly issue.

Update issue status - The access levels required for a user to be able to modify the status of an issue.

View private issues - The access levels for a user to be able to view a private issue.

Set view status (public vs. private) - The access level for a user to be able to set whether an issue is private or public, when reporting the issue. If the user reporting the issues doesn't have the required access, then the issue will be created with the default view state.

Update view status (public vs private) - The access level required for a user to be able to update the view status (i.e. public vs. private).

Show list of users monitoring issue - The access level required for a user to be able to view the list of users monitoring an issue.

Set status on assignment of handler - The access levels required for a user to be able to re-assign an issue when changing its status.

Status to set auto-assigned issues to - The status - This is the status that is set on issues that are auto assigned to users that are associated with the category that the issuer is reported under.

Limit reporter's access to their own issues - When set, reporters are only allow to view issues that they have reported.

Add notes - The access levels required for users to be able to add notes.

Update notes - The access levels required for users to be able to update issue notes.

Allow user to edit their own issue notes - A flag that indicates the ability for users to edit issue notes report by them.

Delete note - The access levels required for a user to delete a note that they may or may not have reported themselves.

View private notes - The access levels required for a user to be able to view private notes associated with an issue that they have access to view.

View Change Log - The access levels required for a user to be able to view the change log.

View Assigned To - The access levels required for a user to be able to know the handler of an issue that they have access to.

View Issue History - The access levels required for a user to be able to view the history of changes of an issue.

Send reminders - The access levels required for a user to be able to send reminders to other users relating to an issue that they have access to.

MantisBT is highly customizable through the web interface and configuration files. Configuration options can be set globally as well as customized for a specific project or user (except for options listed in $g_global_settings, see Section 5.5, “Configuration Settings”).

Configuration options can be set in config_inc.php and in the database (using the various manage pages). Values stored in the database take precedence over values defined in config_inc.php. The former can also be viewed and updated on the Configuration Report page (Manage > Manage Configuration > Configuration Report).

To determine which value to use, MantisBT follows the list below, sequentially searching for the specified configuration option until a match is found.

MantisBT allows administrators to configure a prefix and a suffix for its tables. This is enables multiple MantisBT installation in the same database or schema.

Warning

Use of long strings for these configuration options may cause issues on RDBMS restricting the size of its identifiers, such as Oracle (which imposed a maximum size of 30 characters until version 12.1; starting with 12cR2 this limit has been increased to 128).

$g_db_table_prefix

Specifies the prefix to be used for all table names. The default value is 'mantis'.

The prefix can be used to help make sure table names are unique. This is useful for users who are limited to a single database or schema.

$g_db_table_suffix

Specifies the prefix to be appended to all table names. The default value is 'table'.

The suffix can be used to help make sure table names are unique. This is useful for users who are limited to one database.

$g_db_table_plugin_prefix

Specifies the prefix to be used to differentiate tables belonging to a plugin's schema from MantisBT's base tables. The default value is 'plugin'.

Plugin table names are built using the plugin's basename, e.g. for a table named 'foo' in the 'Example' plugin (with default values for prefixes and suffix), the physical table name would be mantis_plugin_Example_foo_table.

These path settings are important for proper linking within MantisBT. In most scenarios the default values should work fine, and you should not need to override them.

$g_path

URL to your installation as seen from the web browser; this is what you type into the URL field. Requires trailing '/' character. eg. 'http://www.example.com/mantisbt/'. In the following example https protocol is used: eg. 'https://www.example.com/mantisbt/'. MantisBT will default this to the correct value. However, in some cases it might be necessary to override the default. This is typically needed when an installation can be accessed by multiple URLs (internal vs external).

$g_short_path

Short web path without the domain name. This requires the trailing '/'.

$g_absolute_path

This is the absolute file system path to the MantisBT installation, it is defaulted to the directory where config_defaults_inc.php resides. Requires trailing '/' character (eg. '/usr/apache/htdocs/mantisbt/').

$g_core_path

This is the path to the core directory of your installation. The default value is usually OK but it is recommended that you move the 'core' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

$g_class_path

This is the path to the classes directory which is a sub-directory of core by default. The default value is typically OK. Requires trailing DIRECTORY_SEPARATOR. character.

$g_library_path

This is the path to the library directory of your installation. The default value is usually OK but it is recommended that you move the 'library' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

$g_language_path

This is the path to the language directory of your installation. The default value is usually OK but it is recommended that you move the 'language' directory out of your webroot. Requires trailing DIRECTORY_SEPARATOR character.

$g_manual_url

This is the url to the MantisBT online manual. Requires trailing '/' character.

Location where session files are stored. The default is false, meaning the session handler's default location will be used.

$g_session_validation

Use Session validation (defaults to ON)

Warning

Disabling this could be a potential security risk !

$g_form_security_validation

Form security validation, defaults to ON. This protects against Cross-Site Request Forgery. Some proxy servers may not correctly work with this option enabled because they cache pages incorrectly.

Warning

Disabling this option is a security risk, it is strongly recommended to leave it ON

$g_custom_headers

An array of custom headers to be sent with each page.

For example, to allow your MantisBT installation to be viewed in a frame in IE6 when the frameset is not at the same hostname as the MantisBT install, you need to add a P3P header. You could try something like

$g_custom_headers = array( 'P3P: CP="CUR ADM"' );

in your config file, but make sure to check that your policy actually matches with what you are promising. See MSDN for more information.

Even though it is not recommended, you could also use this setting to disable previously sent headers. For example, assuming you didn't want to benefit from Content Security Policy (CSP), you could set:

$g_custom_headers = array( 'Content-Security-Policy:' );

Warning

Disabling CSP is a security risk, it is strongly recommended that you leave it as Mantis defines it.

This option contains the list of configuration options that are used to determine if it is allowed for a specific configuration option to be saved to or loaded from the database. Configuration options that are in the list are considered global only and hence are only configurable via the config_inc.php file and defaulted by config_defaults_inc.php file.

$g_public_config_names

This option contains a list of configuration options that can be queried via SOAP API.

CSP may cause issues in certain situations (e.g. during development), or when using plugins relying on externally hosted resources such as images or scripts.

MantisBT currently does not provide any mechanism for plugins to notify the Core of 'safe' external domains. Because of that, even though it is not recommended for obvious security reasons, you may wish to disable CSP. You can do so by specifying a Custom Header in your config_inc.php file (see Section 5.4, “Webserver”).

Warning

Disabling Content Security Policy is a security risk !

$g_crypto_master_salt

Master salt value used for cryptographic hashing throughout MantisBT. This value must be kept secret at all costs. You must generate a unique and random salt value for each installation of MantisBT you control. The minimum length of this string must be at least 16 characters.

The value you select for this salt should be a long string generated using a secure random number generator. An example for Linux systems is:

cat /dev/urandom | head -c 64 | base64

Note that the number of bits of entropy per byte of output from /dev/urandom is not 8. If you're particularly paranoid and don't mind waiting a long time, you could use /dev/random to get much closer to 8 bits of entropy per byte. Moving the mouse (if possible) while generating entropy via /dev/random will greatly improve the speed at which /dev/random produces entropy.

This setting is blank by default. MantisBT will not operate in this state. Hence you are forced to change the value of this configuration option.

Warning

This configuration option has a profound impact on the security of your MantisBT installation. Failure to set this configuration option correctly could lead to your MantisBT installation being compromised. Ensure that this value remains secret. Treat it with the same security that you'd treat the password to your MantisDB database.

If ON (default), then $g_send_reset_password must be ON as well, and mail settings must be correctly configured (see Section 5.8, “Email”).

$g_max_failed_login_count

Maximum failing login attempts before the account is locked. Once locked, it's required to reset the password (lost password). Value resets to zero at each successfully login. Default is OFF.

$g_notify_new_user_created_threshold_min

The minimum global access level required to be notified when a new user registers via the "signup form". To pick specific access levels that are not necessarily at the higher end of access levels, use an array of access levels. Default is ADMINISTRATOR.

$g_send_reset_password

If ON (default), users will be sent their password when their account is created or password reset (this requires mail settings to be correctly configured).

If OFF, then the Administrator will have to provide a password when creating new accounts, and the password will be set to blank when reset.

The webmaster's e-mail address. This address is displayed in the bottom of all MantisBT pages. webmaster@example.com

$g_from_email

The email address to be used as the source of all emails sent by MantisBT. noreply@example.com

$g_return_path_email

Email address to receive bounced emails.

$g_enable_email_notification

Set to ON to enable email notifications, OFF to disable them. Default is ON. Note that disabling email notifications has no effect on emails generated as part of the user signup process. When set to OFF, the password reset feature is disabled. Additionally, notifications of administrators updating accounts are not sent to users.

$g_email_notifications_verbose

When enabled, the email notifications will include the full issue with a hint about the change type at the top, rather than using dedicated notifications that are focused on what changed. This change can be overridden in the database per user. Default is OFF.

$g_default_notify_flags

Associates a default notification flag with each action, to control who should be notified. The default will be used if the action is not defined in $g_notify_flags or if the flag is not included in the specific action definition.

sponsor: the sponsorship for the bug has changed (added, deleted or updated)

relation: a relationship for the bug has changed (added, deleted or updated)

monitor: a user is added to the monitor list.

In addition, an action can match the bug status in $g_status_enum_string. Note that spaces in the string are replaced with underscores ('_') when creating the action. Thus, using the defaults, 'feedback' would be a valid action.

$g_email_receive_own

This defines whether users should receive emails for their own actions. This option is defaulted to OFF, hence, users do not receive email notification for their own actions. This can be a source for confusions for users upgrading from MantisBT 0.17.x versions, since in these versions users used to get notified of their own actions.

If ON, allows the user to omit an email address field. If you allow users to create their own accounts, they must specify an email at that point, no matter what the value of this option is. Otherwise they wouldn't get their passwords.

Administrators are able to bypass this check to enable them to create special accounts like anonymous access and other service accounts that don't need notifications.

$g_email_login_enabled

Enable support for logging in by email and password, in addition to username and password. This will only work as long as there is a single user with the specified email address and the email address is not blank. The default value is OFF.

$g_email_ensure_unique

When enabled, the uniqueness of email addresses will be inforced for new users as well as updates to existing ones. Note that there can be duplicate emails before this option was turned ON. Default is ON.

$g_limit_email_domains

Only allow and send email to addresses in the given domain(s). This is useful as a security feature and it is also useful in cases like Sourceforge where its servers are only limited to send emails to SourceForge email addresses in order to avoid spam. $g_limit_email_domains = array( 'users.sourceforge.net', 'sourceforge.net' );

$g_show_user_email_threshold

This specifies the access level that is needed to have user names hyperlinked with mailto: links. The default value is NOBODY, hence, even administrators won't have this feature enabled.

$g_phpMailer_method

Select the method to send mail:

PHPMAILER_METHOD_MAIL for use of mail() function,

PHPMAILER_METHOD_SENDMAIL for sendmail (or postfix),

PHPMAILER_METHOD_SMTP for SMTP,

Default is PHPMAILER_METHOD_MAIL.

$g_smtp_host

This option specifies the SMTP server to submit messages to. The SMTP server (MTA) then takes on the responsibility of delivering messages to their final destinations.

To use the local SMTP (if available) set this to 'localhost', otherwise use the fully qualified domain name of the remote SMTP server.

It can be either a single hostname, or multiple semicolon-delimited hostnames. You can specify for each host a port other than the default, using format: hostname:port (e.g. "smtp1.example.com:25;smtp2.example.com").

Hosts will be tried in the given order.

Note

This is only used with PHPMAILER_METHOD_SMTP (see $g_phpmailer_method).

The default is 'localhost'.

$g_smtp_port

The default SMTP port to use. This can be overridden individually for specific hosts. (see $g_smtp_host).

Typical SMTP ports are 25 and 587.

The default is 25.

$g_smtp_connection_mode

Allow secure connection to the SMTP server. Valid values are:

'' (empty string): No encryption. This is the default.

ssl

tls

$g_smtp_username

SMTP Server Authentication user

Allows the use of SMTP Authentication when using a remote SMTP host.

Note

must be set to '' (empty string) if the SMTP host does not require authentication.

Default is ''.

$g_smtp_password

This is the password that is used in SMTP Authentication. Not used when $g_smtp_username = ''

This is usually the same as your g_from_email. For example noreply@example.com

$g_email_send_using_cronjob

Disables sending of emails as soon as an action is performed. Emails are instead queued and must be sent by running scripts/send_emails.php periodically. This script can only be executed from the CLI, not from the web interface, for security reasons.

Enabling this option can help with performance problems if large numbers of emails are generated or mail delivery is slow by not delaying page execution when sending emails.

$g_email_separator1

Default is str_pad('', 70, '='); This means 70 equal signs.

$g_email_separator2

Default is str_pad('', 70, '-'); This means 70 minus signs.

$g_email_padding_length

Default is 28.

MantisBT uses flags and a threshold system to generate emails on events. For each new event, email is sent to:

This is the language used by default in MantisBT. This may be set to 'auto' where MantisBT will try to determine the language from the browser.

$g_language_choices_arr

This is to be set to an array of languages that are available for users to choose from. The default value includes all languages supported by MantisBT. The administrator can limit the languages available for users to choose from by overriding this value. For example, to support English, French and German include the following code:

$g_language_choices_arr = array( 'english', 'french', 'german' );

Of course, administrators can also add their own languages by translating the strings and creating their own language files. You are encouraged to share any translation work that you do with the MantisBT team. This will ensure that the newly created language file is maintained with future MantisBT releases.All language files reside in the lang/ folder. They are all named according to the following pattern: strings_<language>.txt.

$g_fallback_language

This is the language used if MantisBT cannot determine the language from the browser. It defaults to 'english'.As of 0.19.0, this may be set to 'auto' where MantisBT will try to determine the language from the browser.

Note

If a string does not exist in the active language, the English string is used instead.

Name of the google font family for the browser to use. For all available fonts, see: fonts.google.com .

$g_font_family_choices

Google font family list offered to the user to chose from. Font files are fetched from google servers.

$g_font_family_choices_local

This is a small subset of $g_font_family_choices in which font files are part of MantisBT installation.

$g_window_title

This is the browser window title (<TITLE> tag).

$g_search_title

This is used as prefix to describe Browser Search entries, and must be short enough so that when inserted into the 'opensearch_XXX_short' language string, the resulting text is 16 characters or less, to be compliant with the limit for the ShortName element as defined in the OpenSearch specification .

Defaults to the value of $g_window_title.

$g_favicon_image

Path to the favorites icon relative to MantisBT root folder This icon should be of image/x-icon MIME type, and its size 16x16 pixels. It is also used to decorate OpenSearch Browser search entries. (default 'images/favicon.ico').

The default URL to be associated with the logo. By default this is set to $g_default_home_page (which defaults to My View page). Clicking on the logo from any page in the bug tracker will navigate to the URL specified in this configuration option.

$g_show_project_menu_bar

This option specifies whether to add menu at the top of the page which includes links to all the projects. The default value is OFF.

$g_show_assigned_names

When a bug is assigned then replace the word "assigned" with the name of the developer in parenthesis. Default is ON.

$g_show_priority_text

Specifies whether to show priority as text (ON) or icon (OFF) in the view all bugs page. Default is OFF (icon).

$g_priority_significant_threshold

Define the priority level at which a bug becomes significant. Significant bugs are displayed with emphasis. Set this value to -1 to disable the feature. The default value is HIGH.

$g_severity_significant_threshold

Define the severity level at which a bug becomes significant. Significant bugs are displayed with emphasis. Set this value to -1 to disable the feature. The default value is MAJOR.

$g_view_issues_page_columns

This configuration option is used to select the columns to be included in the View Issues page and in which order. If one of the column is not accessible to the logged in user, or corresponds to a disabled feature, then it will be automatically removed from the list at runtime. Hence, the same column list may show a different set of columns based on the logged in user, the currently selected project and enabled features (e.g. sponsorship_total is only shown if the sponsorship feature is enabled).

This controls display of the product version in the report, view, update and print issue pages. This flag also applies to other product version related fields like product build, fixed in version, and target version. Valid values are ON, OFF, and AUTO. ON for always displayed, AUTO for displayed when project has versions defined, and OFF for always OFF. The default value is AUTO.

$g_show_version_dates_threshold

The access level threshold at which users will see the date of release for product versions. Dates will be shown next to the product version, target version and fixed in version fields. Set this threshold to NOBODY to disable the feature. Default value is NOBODY.

$g_show_realname

This control will replace the user's userid with their realname. If it is set to ON, and the real name field has been populated, the replacement will occur. It defaults to OFF.

$g_show_avatar

Show the users' avatar

In addition to enabling this configuration option it is necessary to install an avatar plugin like the Gravatar plugin which is bundled out of the box.

$g_show_avatar_threshold

The threshold of users for which MantisBT should show the avatar (default DEVELOPER). Note that the threshold is related to the user for whom the avatar is being shown, rather than the user who is currently logged in.

These variables control how the date is displayed. The default is ISO 8601 formatting.

Please refer to the PHP manual for details on available formatting options.

$g_short_date_format

This format is used in the bug listing pages (eg: View Bugs). Default is Y-m-d.

$g_normal_date_format

This format is used in the view/update bug pages, bug notes, manage section, and news section. Default is Y-m-d H:i.

$g_complete_date_format

This format is used on the top of each page (current time) and the emails that are sent out. Default is Y-m-d H:i T.

$g_datetime_picker_format

This format is used with the datetime picker widget. Default is Y-MM-DD H:m.

Note

The formatting convention for the DateTime picker is different from the one used for the other date settings described above; see Moment.js documention for details.

Warning

This format needs to match the one defined in $g_normal_date_format. Inconsistencies between these two settings, e.g. using different date ordering (DMY, MDY or YMD) or displaying the month as a number vs a word or abbreviation, may result in unexpected behavior such as an invalid interpretation of the date by the DateTime picker widget, or errors trying to save a modified date.

This is the default access level users are given when their account is created by email. The default access level is REPORTER. Look in constant_inc.php for other values.

$g_default_project_view_status

The default viewing status for new projects (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

$g_default_bug_view_status

The default viewing status for the new bug (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

$g_default_bugnote_view_status

The default viewing status for the new bugnote (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

$g_timeline_view_threshold

Threshold for viewing timeline information. Use NOBODY to turn it off. If the timeline is turned off, the other widgets are displayed in a two column view. The default is VIEWER.

$g_default_reminder_view_status

The default viewing status for the new reminders (VS_PUBLIC or VS_PRIVATE). The default is VS_PUBLIC.

$g_reminder_receive_threshold

The minimum access level for a user to show up in the reminder user picker. Note that this is the access level for the project for which the issue belongs. The default is DEVELOPER.

$g_default_bug_resolution

The resolution for a newly created issue. The default is OPEN. Look in constant_inc.php for other values.

$g_default_bug_severity

The severity for a newly created issue. The default is MINOR. Look in constant_inc.php for other values.

$g_default_bug_priority

The priority for a newly created issue. The default is NORMAL. Look in constant_inc.php for other values.

$g_default_bug_reproducibility

The reproducibility for a newly created issue. The default is REPRODUCIBILITY_HAVENOTTRIED. Look in constant_inc.php for other values.

$g_default_bug_projection

The projection for a newly created issue. The default is PROJECTION_NONE. Look in constant_inc.php for other values.

$g_default_bug_eta

The ETA for a newly created issue. The default is ETA_NONE. Look in constant_inc.php for other values.

$g_default_category_for_moves

Default global category to be used when an issue is moved from a project to another that doesn't have a category with a matching name. The default is 1 which is the "General" category that is created in the default database.

$g_default_limit_view

Number of bugs to show in the View Bugs page. The default value is 50.

$g_default_show_changed

Highlight bugs that have changed during the last N hours. The default value is 6.

$g_hide_status_default

Controls which issues will be displayed in the View Issues page. Default value is CLOSED, implying that all issues at "closed" or higher state will not be shown.

$g_min_refresh_delay

This is the delay between automatic refreshes of the View Issues page in minutes. Make sure refresh delay in user preferences isn't too short. If a users set their preferences to be lower then it is bumped back up to this minimum value. The default value is 10 minutes.

These settings are used as the default values for preferences for new users. Each user can override these settings through the user preferences form. Default language is set to default site language ($g_default_language).

Default user preferences to enable receiving emails when a bug is set to the corresponding status. This option only has an effect if users have the required access level to receive such emails. Default value is ON.

Default user preferences to enable filtering based on issue severity. These correspond to the email_on_status and email_on_priority settings. Default is 'any'. Note that this option is not yet implemented.

These are the settings that are used to configuration options related to the Summary page. This page contains statistics about the bugs in MantisBT.

$g_reporter_summary_limit

Limit how many reporters to show in the summary page. This is useful when there are dozens or hundreds of reporters. The default value is 10.

$g_date_partitions

An array of date lengths to count bugs by (in days) for the summary by date. The default is to count for 1, 2, 3, 7, 30, 60, 90, 180, and 365.

$g_summary_category_include_project

Specifies whether category names should be preceded by project names (eg: [Project] Category) when the summary page is viewed for all projects. This is useful in the case where category names are common across projects. The default is OFF.

$g_view_summary_threshold

Specifies the access level required to view the summary page. Default is MANAGER.

$g_severity_multipliers

An array of multipliers which are used to determine the effectiveness of reporters based on the severity of bugs. Higher multipliers will result in an increase in reporter effectiveness. The default multipliers are:

The keys of the array are severity constants from constant_inc.php or from custom_constants_inc.php if you have custom severities defined. The values are integers, typically in the range of 0 to 10. If you would like for a severity to not count towards effectiveness, set the value to 0 for that severity.

$g_resolution_multipliers

An array of multipliers which are used to determine the effectiveness of reporters based on the resolution of bugs. Higher multipliers will result in a decrease in reporter effectiveness. The only resolutions that need to be defined here are those which match or exceed $g_bug_resolution_not_fixed_threshold. The default multipliers are:

The keys of the array are resolution constants from constant_inc.php or from custom_constants_inc.php if you have custom resolutions defined. Resolutions not included here will be assumed to have a multiplier value of 0. The values are integers, typically in the range of 0 to 10. If you would like for a resolution to not count towards effectiveness, set the value to 0 for that resolution or remove it from the array completely. Note that these resolution multipliers are stacked on top of the severity multipliers. Therefore by default, a user reporting many duplicate bugs at severity level BLOCK will be far worse off than a user reporting many duplicate bugs at severity level FEATURE.

MantisBT allows users to upload file attachments and associate them with bugs as well as projects. Bug attachments / project documents can be uploaded to the webserver or database. When bugs are uploaded to the webserver they are uploaded to the path that is configured in the project properties. In case of problems getting the file upload feature to work, check the following resources: PHP Manual .

$g_allow_file_upload

Whether to allow/disallow uploading of attachments. Default value is ON.

$g_file_upload_method

Specify the location for uploading attachments. In case of DISK methods you need to provide the webserver with write access rights to the configured upload path (configured in the project) and temporary upload path (used by PHP).

Values: DISK or DATABASE

Default: DATABASE

$g_dropzone_enabled

Whether to enable/disable drag and drop zone for uploading of attachments. Default value is ON.

$g_file_upload_max_num

Maximum number of files that can be uploaded simultaneously. Default value is 10.

$g_max_file_size

Maximum file size that can be uploaded. Default value is about 5MB. The maximum size is also affected by the PHP options post_max_size (default 8MB), upload_max_filesize (default 2MB) and memory_limit (default 128MB) specified in php.ini.

$g_allowed_files

Files that are allowed. Separate items by commas. eg. "zip,bmp,gif,jpg,txt" If $g_allowed_files is filled in NO other file types will be allowed. If empty it will assume any files are accepted that pass the $g_disallowed_files list.

$g_disallowed_files

Files that are not allowed. Separate items by commas. eg. "php,php3,phtml,html,class,java,exe,pl" $g_disallowed_files takes precedence over $g_allowed_files. It is recommended to disable all extensions that can be executed by your server.

$g_preview_attachments_inline_max_size

This limit applies to previewing of image / text attachments. If the attachment size is smaller than the specified value, the attachment is previewed with the issue details. The previewing can be disabled by setting this configuration to 0. The default value is 256 * 1024 (256KB).

$g_fileinfo_magic_db_file

Specify the filename of the magic database file. This is used by PHP 5.3.0 (or earlier versions with the fileinfo PECL extension) to guess what the MIME type of a file is. Usually it is safe to leave this setting as the default (blank) as PHP is usually able to find this file by itself.

$g_file_download_xsendfile_enabled

Enable support for sending files to users via a more efficient X-Sendfile method. HTTP server software supporting this technique includes Lighttpd, Cherokee, Apache with mod_xsendfile and nginx. You may need to set the proceeding file_download_xsendfile_header_name option to suit the server you are using.

$g_file_download_xsendfile_header_name

The name of the X-Sendfile header to use. Each server tends to implement this functionality in a slightly different way and thus the naming conventions for the header differ between each server. Lighttpd from v1.5, Apache with mod_xsendfile and Cherokee web servers use X-Sendfile. nginx uses X-Accel-Redirect and Lighttpd v1.4 uses X-LIGHTTPD-send-file.

This flag controls whether www URLs and email addresses are automatically converted into clickable links as well as where the www links open when clicked. The options are:

OFF - do not convert URLs or emails

LINKS_SAME_WINDOW - convert to links that open in current tab/window. NOTE: for backwards-compatibility, this is equivalent to ON.

LINKS_NEW_WINDOW - convert to links that open in a new tab/window

Default is LINKS_SAME_WINDOW.

$g_html_valid_tags

This is the list of HTML tags that are allowed.Do NOT include href or img tags here.Do NOT include tags that have parameters (eg. )The HTML code is allowed to enter the database as is. The $g_allow_href_tags does not have to be enabled to make URL links. The package will automatically hyperlink properly formatted URLs eg. http://blah.blah/ or mailto://me@more.com/

$g_bottom_include_page

Specifies a file to be included at the bottom of each page. It can be used e.g. for company branding, to include Google Analytics script, etc.

$g_top_include_page

Specifies a file to be included at the top of each page. It can be used e.g. for company branding.

If a file is supplied, the logo specified by $g_logo_image (see Section 5.11, “Display”) will not be shown, and the include file will have to handle display of the logo. To do so you can use the html_print_logo() API function, which will display the logo with an URL link if one has been specified in $g_logo_url

A flag that indicates whether to use CDN (content delivery networks) for loading javascript libraries and their associated CSS. This improves performance for loading MantisBT pages. This can be disabled if it is desired that MantisBT doesn't reach out outside corporate network. Default OFF.

$g_main_menu_custom_options

This option will add custom options to the main menu. It is an array of arrays listing the caption, access level required, and the link to be executed. For example:

Note that if the caption is found in the Custom Strings File (see Section 7.1, “Strings / Translations”) it will be replaced by the corresponding translated string. Options will only be added to the menu if the current logged in user has the appropriate access level.

The parameters below are only used if $g_login_method (see above) is set to LDAP.

$g_ldap_server

Specifies the LDAP or Active Directory server to connect to, and must be provided as an URI

The protocol is optional, can be one of ldap or ldaps, and defaults to ldap.

The port number is optional, and defaults to 389. If this doesn't work, try using one of the following standard port numbers: 636 (ldaps); for Active Directory Global Catalog forest-wide search, use 3268 (ldap) or 3269 (ldaps)

Status to assign to the bug when feedback is required from the issue reporter. Once the reporter adds a note the status moves back from feedback to $g_bug_assigned_status or $g_bug_submit_status based on whether the bug assigned or not.

$g_reassign_on_feedback

When a note is added to a bug currently in $g_bug_feedback_status, and the note author is the bug's reporter, this option will automatically set the bug status to $g_bug_submit_status or $g_bug_assigned_status if the bug is assigned to a developer. Default value is ON.

$g_bug_duplicate_resolution

Default resolution to assign to a bug when it is resolved as being a duplicate of another issue. Default value is DUPLICATE.

$g_bug_reopen_resolution

Resolution to assign to the bug when reopened. Default value is REOPENED.

$g_auto_set_status_to_assigned

Automatically set status to $g_bug_assigned_status whenever a bug is assigned to a person. Installations where assigned status is to be used when the defect is in progress, rather than just put in a person's queue should set it to OFF. Default is ON. For the status change to be effective, these conditions must be met:

Bug has no handler, and a new handler is selected

The assignment is not part of a explicit status change

Current bug status is lower than defined "assigned" status

"Assigned" status is reachable by workflow configuration

If the conditions are not met, the assignment is still made, but status will not be modified.

$g_bug_resolved_status_threshold

Bug is resolved, ready to be closed or reopened. In some custom installations a bug maybe considered as resolved when it is moved to a custom (FIXED OR TESTED) status.

$g_bug_resolution_fixed_threshold

Threshold resolution which denotes that a bug has been resolved and successfully fixed by developers. Resolutions above and including this threshold and below $g_bug_resolution_not_fixed_threshold are considered to be resolved successfully. Default value is FIXED.

$g_bug_resolution_not_fixed_threshold

Threshold resolution which denotes that a bug has been resolved without being successfully fixed by developers. Resolutions above this threshold are considered to be resolved in an unsuccessful way. Default value is UNABLE_TO_REPRODUCE.

$g_bug_readonly_status_threshold $g_update_readonly_bug_threshold

Bug becomes readonly if its status is >= $g_bug_readonly_status_threshold. The bug becomes read/write again if re-opened and its status becomes less than this threshold. The default is RESOLVED. Once the bug becomes readonly, a user with an access level greater than or equal to $g_update_readonly_bug_threshold can still edit the bug.

$g_status_enum_workflow

'status_enum_workflow' defines the workflow, and reflects a simple 2-dimensional matrix. For each existing status, you define which statuses you can go to from that status, e.g. from NEW_ you might list statuses '10:new,20:feedback,30:acknowledged' but not higher ones.The default is no workflow, where all states are accessible from any others.

$g_report_bug_threshold

This is the access level required to open a bug. The default is REPORTER.

$g_update_bug_threshold

This is the access level generally required to update the content of a bug. The default is UPDATER.

$g_handle_bug_threshold

This is the access level generally required to be access level needed to be listed in the assign to field. The default is DEVELOPER. If a more restrictive setting can be determined from $g_set_status_threshold, it will be used.

$g_update_bug_status_threshold $g_set_status_threshold

These settings control the access level required to promote a bug to a new status once the bug is opened.$g_set_status_threshold is an array indexed by the status value that allows a distinct setting for each status. It defaults to blank.If the appropriate status is not defined above, $g_update_bug_status_threshold is used instead. The default is DEVELOPER.

$g_bugnote_user_edit_threshold

Threshold at which a user can edit his/her own bugnotes. The default value is equal to the configuration setting $g_update_bugnote_threshold.

$g_bugnote_user_delete_threshold

Threshold at which a user can delete his/her own bugnotes. The default value is equal to the configuration setting $g_delete_bugnote_threshold.

$g_bugnote_user_change_view_state_threshold

Threshold at which a user can change the view status of his/her own bugnotes. The default value is equal to the configuration setting $g_change_view_status_threshold.

$g_allow_reporter_close

If set, the bug reporter is allowed to close their own bugs, regardless of their access level. The default is OFF.

$g_allow_reporter_reopen

If set, the bug reporter is allowed to reopen their own bugs once resolved, regardless of their access level. This allows the reporter to disagree with the resolution. The default is ON.

$g_allow_parent_of_unresolved_to_close

If set, no check is performed on the status of a bug's children, which allows the parent to be closed whether or not the children have been resolved. The default is OFF.

SIMPLE_DEFAULT - defaults to simple view, but shows a link for advanced

ADVANCED_DEFAULT - defaults to advanced view, but shows a link for simple

$g_use_dynamic_filters = ON;

This switch enables the use of AJAX to dynamically load and create filter form controls upon request. This method will reduce the amount of data that needs to be transferred upon each page load dealing with filters and thus will result in speed improvements and bandwidth reduction.

$g_create_permalink_threshold

The threshold required for users to be able to create permalinks (default DEVELOPER). To turn this feature off use NOBODY.

$g_create_short_url

The service to use to create a short URL. The %s will be replaced by the long URL. By default http://www.tinyurl service is used to shorten URLs.

The regular expression to use when validating new user login names. The default regular expression allows a-z, A-Z, 0-9, +, -, dot, space and underscore. If you change this, you may want to update the ERROR_USER_NAME_INVALID string in the language files to explain the rules you are using on your site.

See Wikipedia for more details about regular expressions. For testing regular expressions, use Rubular.

$g_monitor_bug_threshold

Access level needed to monitor bugs. The default value is REPORTER.

$g_monitor_add_others_bug_threshold

Access level needed to add other users to the list of users monitoring a bug. The default value is DEVELOPER.

$g_monitor_delete_others_bug_threshold

Access level needed to delete other users from the list of users monitoring a bug. The default value is DEVELOPER.

$g_limit_reporters

Limit reporters to only viewing bugs that they report.

$g_allow_reporter_close

Allow reporters to close the bugs they reported.

$g_delete_bug_threshold

Allow the specified access level and above to delete bugs.

$g_bug_move_access_level

Allow the specified access level and above to move bugs between projects.

$g_allow_account_delete

Allow users to delete their own accounts.

$g_allow_anonymous_login

Enable anonymous access to Mantis. You must also specify $g_anonymous_account as the account which anonymous users will browse Mantis with. The default setting is OFF.

$g_anonymous_account

Define the account which anonymous users will assume when using Mantis. This account is considered by Mantis to be protected from modification. In other words, this account can only be modified by users with an access level equal to or higher than $g_manage_user_threshold. Anonymous users will not be able to adjust preferences or change account settings like normal users can.

You will need to create a new account to use for this $g_anonymous_account setting. When creating the account you should specify a password, email address and so forth in the same way you'd create any other account. It is suggested that the access level for this account be set to VIEWER or some other read only level.

The anonymous user account will not receive standard notifications and can not monitor issues.

The default setting is blank/undefined. You only need to define this setting when $g_allow_anonymous_login is set to ON.

$g_bug_link_tag

If a number follows this tag it will create a link to a bug. Default is '#'.

'#': a link would be #45

'bug:' a link would be bug:98

$g_bugnote_link_tag

If a number follows this tag it will create a link to a bug note. Default is '~'.

'~': a link would be ~45

'bugnote:' a link would be bugnote:98

$g_enable_project_documentation

Specifies whether to enable support for project documents or not. Default is OFF. This feature is deprecated and is expected to be moved to a plugin in the future.

$g_admin_site_threshold

Threshold at which a user is considered to be a site administrator. These users have the highest level of access to your Mantis installation. This access level is required to change key Mantis settings (such as server paths) and perform other administrative duties. You may need to change this value from the default of ADMINISTRATOR if you have defined a new access level to replace the default ADMINISTRATOR level in constant_inc.php.

Warning

This is a potentially dangerous configuration option. Users at or above this threshold value will have permission to all aspects of Mantis including the admin/ directory. With this access level, users can damage your installation of Mantis, destroy your database or have elevated access to your server.

DO NOT CHANGE THIS VALUE UNLESS YOU ABSOLUTELY KNOW WHAT YOU'RE DOING. BE VERY CAREFUL WITH CHANGING THIS CONFIGURATION VALUE FROM THE DEFAULT SETTING.

$g_manage_configuration_threshold

The threshold required for users to be able to manage configuration of a project. This includes workflow, email notifications, columns to view, and others. Default is MANAGER.

$g_view_configuration_threshold

Threshold for users to view the raw system configurations as stored in the database. The default value is ADMINISTRATOR.

$g_set_configuration_threshold

Threshold for users to set the system configurations generically via MantisBT web interface. The default value is ADMINISTRATOR.

Warning

Users who have access to set configuration via the interface MUST be trusted. This is due to the fact that these users can leverage the interface to inject PHP code into the system, which is a potential security risk.

All scripts in this directory and its sub-directories will be able to access MantisBT cookies.

Default value is '/'. It is recommended to set this to the actual MantisBT path.

$g_cookie_domain

The domain that the MantisBT cookies are available to.

$g_cookie_prefix

Prefix for all MantisBT cookies

This should be an identifier which does not include spaces or periods, and should be unique per MantisBT installation, especially if $g_cookie_path is not restricting the cookies' scope to the actual MantisBT directory.

It applies to the cookies listed below. Their actual names are calculated by prepending the prefix, and it is not expected for the user to need to change these.

This option is used to enable buffering/compression of HTML output if the user's browser supports it. Default value is ON. This option will be ignored in the following scenarios:

If php.ini has zlib.output_compression enabled.

If php.ini has output_handler set to a handler.

If PHP does not include the zlib extension (PHP 4.3.0 and later include zlib extension by default).

You can check the loaded modules in your PHP by running "php -m" on the command line, or by using php_info() command in a php script.

$g_use_persistent_connections

Use persistent database connections, setting this to ON will open the database once per connection, rather than once per page. There might be some scalability issues here and that is why it is defaulted to OFF.

Sending reminders is a feature where a user can notify / remind other users about a bug. In the past, only selected users like the managers, or developers would get notified about bugs. However, these people can not invite other people (through MantisBT) to look at or monitor these bugs.

This feature is useful if the Manager needs to get feedback from testers / requirements team about a certain bug. It avoid needing this person to do this manual outside MantisBT. It also records the history of such reminders.

$g_store_reminders

Specifies if reminders should be stored as bugnotes. The bugnote will still reflect that it is a reminder and list the names of users that got it. Default is ON.

$g_reminder_recipients_monitor_bug

Specifies if users who receive reminders about a bug, should be automatically added to the monitor list of that bug. Default is ON.

$g_mentions_enabled

Enables or disables the @ mentions feature. Default is ON. When a user is @ mentioned in an issue or a note, they receive an email notification to get their attention. Users can be @ mentioned using their username and not realname.

This feature works with fields like summary, description, additional info, steps to reproduce and notes.

Bug history is a feature where MantisBT tracks all modifications that are made to bugs. These include everything starting from its creation, till it is closed. For each change, the bug history will record the time stamp, user who made the change, field that changed, old value, and new value.

Independent of the these settings, MantisBT will always track the changes to a bug and add them to its history.

$g_history_default_visible

Make the bug history visible by default. If this option is not enabled, then the user will have to click on the Bug History link to see the bug history. Default is ON.

$g_history_order

Show bug history entries in ascending or descending order. Default value is 'ASC'.

This enables the relationship graphs feature where issues are represented by nodes and relationships as links between such nodes. Possible values are ON or OFF. Default is OFF.

This feature requires installing GraphViz (all OSes except Windows) or WinGraphviz (only Windows). Refer to the notes near the top of core/graphviz_api.php and core/relationship_graph_api.php for more information.

$g_relationship_graph_fontname

Font name and size, as required by Graphviz. If Graphviz fails to run for you, you are probably using a font name that gd PHP extension can't find. On Linux, try the name of the font file without the extension. The default value is 'Arial'.

$g_relationship_graph_fontsize

Font size, default is 8.

$g_relationship_graph_orientation

Default dependency orientation. If you have issues with lots of children or parents, leave as 'horizontal', otherwise, if you have lots of "chained" issue dependencies, change to 'vertical'. Default is 'horizontal'.

$g_relationship_graph_max_depth

Max depth for relation graphs. This only affects relationship graphs, dependency graphs are drawn to the full depth. The default value is 2.

$g_relationship_graph_view_on_click

If set to ON, clicking on an issue on the relationship graph will open the bug view page for that issue, otherwise, will navigate to the relationship graph for that issue.

$g_dot_tool

The full path for the dot tool. The webserver must have execute permission to this program in order to generate relationship graphs. This configuration option is not relevant for Windows. The default value is '/usr/bin/dot'.

$g_neato_tool

The full path for the neato tool. The webserver must have execute permission to this program in order to generate relationship graphs. This configuration option is not relevant for Windows. The default value is '/usr/bin/neato'.

Wiki namespace to be used as root for all pages relating to this MantisBT installation.

$g_wiki_engine_url

URL under which the wiki engine is hosted.

Must be on the same server as MantisBT, requires a trailing '/'.

If left empty (default), the URL is derived from the global MantisBT path ($g_path, see Section 5.3, “Path”), replacing the URL's path component by the wiki engine string (i.e. if $g_path = 'http://example.com/mantis/' and $g_wiki_engine = 'dokuwiki', the wiki URL will be 'http://example.com/dokuwiki/').

The summary and description fields are always shown and do not need to be listed in this option. Fields not listed above cannot be shown on the bug report page. Visibility of custom fields is handled via the Manage => Manage Custom Fields administrator page.

This setting can be set on a per-project basis by using the Manage => Manage Configuration administrator page.

This section describes settings which can be used to troubleshoot MantisBT operations as well as assist during development.

$g_show_timer

Time page loads. The page execution timer shows at the bottom of each page.

Default is OFF.

$g_show_memory_usage

Show memory usage for each page load in the footer.

Default is OFF.

$g_debug_email

Used for debugging e-mail notifications. When it is '', the emails are sent normally. If set to an e-mail address, all messages are sent to it, with the original recipients (To, Cc, Bcc) included in the message body.

Default is ''.

$g_show_queries_count

Shows the total number/unique number of queries executed to serve the page.

Default is OFF.

$g_display_errors

Errors Display Method. Defines what errors are displayed and how. Available options are:

DISPLAY_ERROR_HALT

Stop and display the error message (including variables and backtrace if $g_show_detailed_errors is ON).

DISPLAY_ERROR_INLINE

Display a one line error and continue execution.

DISPLAY_ERROR_NONE

Suppress the error (no display). This is the default behavior for unspecified errors constants.

The default settings, recommended for use in production will only display and exit on errors and suppress warninga and notices.

E_USER_ERROR should always be set to DISPLAY_ERROR_HALT. Using any other value will cause program execution to continue despite the error, which may lead to data integrity issues and/or cause MantisBT to function incorrectly.

$g_show_detailed_errors

Shows a list of variables and their values whenever an error is triggered. Only applies to error types configured to DISPLAY_ERROR_HALT in $g_display_errors.

Default is OFF.

Warning

Setting this to ON is a potential security hazard, as it can expose sensitive information. Only enable this setting for debugging purposes when you really need it.

$g_stop_on_errors

Debug messages. If this option is turned OFF, page redirects will function if a non-fatal error occurs. For debugging purposes, you can set this to ON so that any non-fatal error will prevent page redirection, allowing you to see the errors.

Default is OFF.

Note

This should only be turned on when debugging.

$g_log_level

The system logging interface is used to extract detailed debugging information for the MantisBT system. It can also serve as an audit trail for users' actions.

This controls the type of logging information recorded. Refer to $g_log_destination for details on where to save the logs.

Allow time tracking to be recorded without writing some text in the associated bugnote - Default is ON

$g_time_tracking_with_billing

Adds calculation links to workout how much time has been spent between a particular time frame. Currently it will allow you to enter a cost/hour and will work out some billing information. This will become more extensive in the future. Currently it is more of a proof of concept.

$g_time_tracking_billing_rate

Default billing rate per hour - Default is 0

$g_time_tracking_stopwatch

Instead of a text field turning this option on places a stopwatch on the page with Start/Stop and Reset buttons next to it. A bit gimmicky, but who cares.

MantisBT exposes a webservice API which allows remote clients to interact with MantisBT and perform many of the usual tasks, such as reporting issues, running filtered searches and retrieving attachments.

The SOAP API is enabled by default and available at /api/soap/mantisconnect.php below the MantisBT root. A WSDL file which describes the web service is available at /api/soap/mantisconnect.php?wsdl below the MantisBT root.

The REST API is experimental and is disabled by default. A Swagger sandbox and documentation for REST API is available at /api/rest/swagger/ below the MantisBT root.

The following options are used to control the behaviour of the MantisBT SOAP API:

Minimum project access level required for caller to be able to specify reporter when adding issues or issue notes. Defaults to DEVELOPER.

$g_webservice_rest_enabled

Whether the REST API is enabled or not. Note that this flag only impacts API Token based auth. Hence, even if the API is disabled, it can still be used from the Web UI using cookie based authentication. Default ON.

Just enter your username and password and hit the login button. There is also a Save Login checkbox to have the package remember that you are logged in between browser sessions. You will have to have cookies enabled to login.If the account doesn't exist, the account is disabled, or the password is incorrect then you will remain at the login page. An error message will be displayed.The administrator may allow users to sign up for their own accounts. If so, a link to Signup for your own account will be available.The administrator may also have anonymous login allowed. Anonymous users will be logged in under a common account.You will be allowed to select a project to work in after logging in. You can make a project your default selection from the Select Project screen or from your Account Options.SignupHere you can signup for a new account. You must supply a valid email address and select a unique username. Your randomly generated password will be emailed to your email account. If MantisBT is setup so that the email password is not to be emailed, newly generated accounts will have an empty password.

This is the first page you see upon logging in. It shows you the latest news updates for the bugtracker. This is a simple news module (based off of work by Scott Roberts) and is to keep users abreast of changes in the bugtracker or project. Some news postings are specific to projects and others are global across the entire bugtracker. This is set at the time of posting in the Edit News section.The number of news posts is controlled by a global variable. When the number of posts is more than the limit, a link to show "older news" is displayed at the bottom. Similarly a "newer news" is displayed when you have clicked on "older news".There is an Archives option at the bottom of the page to view all listings.ArchivesA title/date/poster listing of ALL past news articles will be listed here. Clicking on the link will bring up the specified article. This listing will also only display items that are either global or specific to the selected project.

Here we can view the issue listings. The page has a set of viewing filters at the top and the issues are listed below.FiltersThe filters control the behavior of the issues list. The filters are saved between browsing sessions but do not currently save sort order or direction.If the number of issues exceeds the "Show" count in the filter a set of navigation to go to "First", "Last", "Previous", "Next" and specific page numbers are added.The Search field will look for simple keyword matches in the summary, description, steps to reproduce, additional information, issue id, or issue text id fields. It does not search through issue notes. Issue List - The issues are listed in a table and the attributes are listed in the following order: priority, id, number of issue notes, category, severity, status, last updated, and summary. Each (except for number of issue notes) can be clicked on to sort by that column. Clicking again will reverse the direction of the sort. The default is to sort by last modification time, where the last modified issue appears at the top. The issue id is a link that leads to a more detailed report about the issue. You can also add issue notes here. The number in the issue note count column will be bold if an issue note has been added in the specified time frame. The addition of an issue note will make the issue note link of the issue appear in the unvisited state. The text in the "Severity" column will be bold if the severity is major, crash, or block and the issue not resolved. The text in the "Updated" column will be bold if the issue has changed in the last "Changed(hrs)" field which is specified in the viewing filters. Each table row is color coded according to the issue status. The colors can be customised through MantisBT configuration pages (see Chapter 5, Configuration for details). Severities block - prevents further work/progress from being made crash - crashes the application or blocking, major - major issue, minor - minor issue, tweak - needs tweaking, text - error in the text, trivial - being nit picky, feature - requesting new feature - Status new - new issue, feedback - issue requires more information from reporter, acknowledged - issue has been looked at but not confirmed or assigned, confirmed - confirmed and reproducible (typically set by an Updater or other Developer), assigned - assigned to a Developer, resolved - issue should be fixed, waiting on confirmation of fix, closed - issue is closed, Moving the mouse over the status text will show the resolution as a title. This is rendered by some browsers as a bubble and in others as a status line text.

Here is the simple listing of the issue report. Most of the fields are self-explanatory. "Assigned To" will contain the developer assigned to handle the issue. Priority is fully functional but currently does nothing of importance. Duplicate ID is used when an issue is a duplicate of another. It links to the duplicate issue which allows users to read up on the original issue report. Below the issue report is a set of buttons that a user can select to work on the issue.

Update Issue - brings up a page to edit all aspects of the issue

Assign to - in conjunction with the dropdown list next top the button, this is a shortcut to change the assignment of an issue

Change Status to - in conjunction with the dropdown list next top the button, this is a shortcut to change the status of an issue. Another page (Change Status) will be presented to allow the user to add notes or change relevant information

Monitor / Unmonitor Issue - allows the user to monitor any additions to the issue by email

Create Clone - create a copy of the current issue. This presents the user with a new issue reporting form with all of the information in the current issue filled in. Upon submission, a new issue, related to the current issue, will be created.

Reopen Issue - Allows the user to re-open a resolved issue

Move Issue - allows the user to move the issue to another project

Delete Issue - Allows the user to delete the issue permanently. It is recommended against deleting issues unless the entry is frivolous. Instead issues should be set to resolved and an appropriate resolution category chosen.

A panel is provided to view and update the sponsorship of an issue.Another panel is provided to view, delete and add relationships for an issue. Issues can have a parent/child relationship, where the user is warned about resolving a parent issue before all of the children are resolved. A peer relationship is also possible.Below this, there may be a form for uploading file attachments. The Administrator needs to configure the bugtracker to handle file uploads. If uploading to disk is selected, each project needs to set its own upload path. Issue notes are shown at the bottom of the issue report. A panel to add issue notes is also shown.

The layout of this page resembles the Simple Issue View page, but here you can update various issue fields. The Reporter, Category, Severity, and Reproducibility fields are editable but shouldn't be unless there is a gross mis-categorization.Also modifiable are the Assigned To, Priority, Projection, ETA, Resolution, and Duplicate ID fields.As per version 0.18.0, the user can also add an issue note as part of an issue update.

This page changes user alterable parameters for the system. These selections are user specific. This allows the user to change their password, username, real name and email address. It also reports the user's access levels on the current project and default access level used for public projects.

Provides the ability to select the fields to be displayed in View Issues, Print Issues, CSV and Excel exports. The changes apply to the currently selected projects or All Projects for setting the defaults. It is also possible to copy such settings from/to other projects.

Provides the ability to generate and revoke tokens that can be used by applications and services to access MantisBT via its APIs. This page also provides information about the creation and last used timestamps for such tokens.

This page allow an administrator to manage the users in the system.It essentially supplies a list of users defined in the system. The user names are linked to a page where you can change the user's name, access level, and projects to which they are assigned. You can also reset their passwords through this page.At the top, there is also a list of new users (who have created an account in the last week), and accounts where the user has yet to log in.New users are created using the "Create User" link above the list of existing users. Note that the username must be unique in the system. Further, note that the user's real name (as displayed on the screen) cannot match another user's user name.

This page allows the user to manage the projects listed in the system.Each project is listed along with a link to manage that specific project. The specific project pages allow the user to change:

the project name

the project description

its status

whether the project is public or private. Private projects are only visible to users who are assigned to it or users who have the access level to automatically have access to private projects (eg: administrators).

file directory used to store attachments for issues and documents associated with the project. This folder is located on the webserver, it can be absolute path or path relative to the main MantisBT folder. Note that this is only used if the files are stored on disk.

common subprojects. These are other projects who can be considered a sub-project of this one. They can be shared amongst multiple projects. For example, a "documentation" project may be shared amongst several development projects.

project categories. These are used to sub-divide the issues stored in the system.

project versions. These are used to create ChangeLog reports and can be used to filter issues. They are used for both the Found In and Fixed In versions.

Custom Fields linked to this project

Users linked to this project. Here is the place where a user's access level may be upgraded or downgraded depending on their particular role in the project.

This page is the base point for managing custom fields. It lists the custom fields defined in the system. There is also a place to enter a new field name to create a new field.The "Edit" links take you to a page where you can define the details of a custom field. These include it's name, type, value, and display information. On the edit page, the following information is defined to control the custom field:

Access (who can read and write the field based on their access level).

Display control (where the field will show up and must be filled in

All fields are compared in length to be greater than or equal to the minimum length, and less than or equal to the minimum length, unless these values are 0. If the values are 0, the check is skipped. All fields are also compared against the regular expression. If the value matches the expression, then the value is stored. For example, the expression "^-?([0-9])*$" can be used to constrain an integer.The table below describes the field types and the value constraints.

Type

Field Contents

Value Constraints

String

text string up to 255 characters

Numeric

an integer

Float

a floating point number

Enumeration

one of a list of text strings

Enter the list of text strings separated by "|" (pipe character) in the Possible Values field. The Default value should match one of these strings as well. This will be displayed as a dropdown menu.

Email

an email address string up to 255 characters

When displayed, the value will also be encapsulated in a mailto: reference.

Checkbox

zero or more of a list of text strings

Enter the list of text strings separated by "|" (pipe character) in the Possible Values field. The Default value should match one of these strings as well. This will be displayed as a list of text strings with a checkbox beside them.

List

one of a list of text strings

Enter the list of text strings separated by "|" (pipe character) in the Possible Values field. The Default value should match one of these strings as well. This will be displayed as a multi-line dropdown menu.

Multiselection List

zero or more of a list of text strings

Enter the list of text strings separated by "|" (pipe character) in the Possible Values field. The Default value should match one of these strings as well. This will be displayed as a multi-line dropdown menu.

Date

text string defining a date

This is displayed as a set of dropdown menus for day, month, and year. Defaults should be defined in yyyy-mm-dd format.

The display entries are used as follows:

Entry

Meaning

Display Only On Advanced Page

If checked, the field will NOT be shown on the simple issue displays

Display When Reporting Issues

If checked, the field will be shown on the report issues displays

Display When Updating Issues

If checked, the field will NOT be shown on the update issue and change status displays

Display When Resolving Issues

If checked, the field will NOT be shown on the update issue displays and change status displays, if the new status is resolved.

Display When Closing Issues

If checked, the field will NOT be shown on the update issue displays and change status displays, if the new status is closed.

Required On Report

If checked, the field must be filled in on the issue reports.

Required On Update

If checked, the field must be filled in on the update issue and change status displays.

Required On Resolve

If checked, the field must be filled in on the update issue and change status displays, if the new status is resolved.

Required On Close

If checked, the field must be filled in on the update issue and change status displays, if the new status is closed.

Notes on Display

Be careful not to set both a required attribute and show only on advanced display. It may be possible to trigger a validation error that the user cannot recover from (i.e., field is not filled in).

This set of pages control the configuration of the MantisBT system. Note that the configuration items displayed may be on a project by project basis.These pages serve two purposes. First, they will display the settings for the particular aspects of the system. If authorized, they will allow a user to change the parameters. They also have settings for what access level is required to change these settings ON A PROJECT basis. In general, this should be left alone, but administrators may want to delegate some of these settings to managers.

This page covers the adjustment of the settings for many of the workflow related parameters. For most of these, the fields are self explanatory and relate to a similarly named setting in the configuration file. At the right of each row is a selector that allows the administrator to lower the access level required to change the particular parameter.The values changeable on this page are:

Issues

Title

Variable

Description

Report an Issue

$g_report_bug_threshold

threshold to report an issue

Status to which a new issue is set

$g_bug_submit_status

status issue is set to when submitted

Update an Issue

$g_update_bug_threshold

threshold to update an issue

Allow Reporter to close an issue

$g_allow_reporter_close

allow reporter to close issues they reported

Monitor an issue

$g_monitor_bug_threshold

threshold to monitor an issue

Handle Issue

$g_handle_bug_threshold

threshold to handle (be assigned) an issue

Assign Issue

$g_update_bug_assign_threshold

threshold to be in the assign to list

Move Issue

$g_move_bug_threshold

threshold to move an issue to another project. This setting is for all projects.

Delete Issue

$g_delete_bug_threshold

threshold to delete an issue

Reopen Issue

$g_reopen_bug_threshold

threshold to reopen an issue

Allow reporter to reopen Issue

$g_allow_reporter_reopen

allow reporter to reopen issues they reported

Status to which a reopened Issue is set

$g_bug_reopen_status

status issue is set to when reopened

Resolution to which a reopened Issue is set

$g_bug_reopen_resolution

resolution issue is set to when reopened

Status where an issue is considered resolved

$g_bug_resolved_status_threshold

status where bug is resolved

Status where an issue becomes read-only

$g_bug_readonly_status_threshold

status where bug is read-only (see update_readonly_bug_threshold)

Update readonly issue

$g_update_readonly_bug_threshold

threshold to update an issue marked as read-only

Update Issue Status

$g_update_bug_status_threshold

threshold to update an issue's status

View Private Issues

$g_private_bug_threshold

threshold to view a private issue

Set View Status

$g_set_view_status_threshold

threshold to set an issue to Private/Public

Update View Status

$g_change_view_status_threshold

threshold needed to update the view status while updating an issue or an issue note

Show list of users monitoring issue

$g_show_monitor_list_threshold

threshold to see who is monitoring an issue

Set status on assignment of handler

$g_auto_set_status_to_assigned

change status when an issue is assigned

Status to set auto-assigned issues to

$g_bug_assigned_status

status to use when an issue is auto-assigned

Limit reporter's access to their own issues

$g_limit_reporters

reporters can see only issues they reported. This setting is for all projects.

Notes

Title

Variable

Description

Add Notes

$g_add_bugnote_threshold

threshold to add an issue note

Update Others' Notes

$g_update_bugnote_threshold

threshold at which a user can edit issue notes created by other users

Update Own Notes

$g_bugnote_user_edit_threshold

threshold at which a user can edit issue notes created by themselves

Delete Others' Notes

$g_delete_bugnote_threshold

threshold at which a user can delete issue notes created by other users

Delete Own Notes

$g_bugnote_user_delete_threshold

threshold at which a user can delete issue notes created by themselves

View private notes

$g_private_bugnote_threshold

threshold to view a private issue note

Change view state of own notes

$g_bugnote_user_change_view_state_threshold

threshold at which a user can change the view state of issue notes created by themselves

This page covers the status workflow. For most of these, the fields are self explanatory and relate to a similarly named setting in the configuration file. At the right of each row is a selector that allows the administrator to lower the access level required to change the particular parameter.The values changeable on this page are:

The matrix that follows has checkmarks where the transitions are allowed from the status on the left edge to the status listed across the top. This corresponds to the $g_enum_workflow array.At the bottom, there is a list of access levels that are required to change the status to the value listed across the top. This can be used, for instance, to restrict those who can close an issue to a specific level, say a manager. This corresponds to the $g_set_status_threshold array and the $g_report_bug_threshold setting.

This page sets the system defaults for sending emails on issue related events. MantisBT uses flags and a threshold system to generate emails on events. For each new event, email is sent to:

the reporter

the handler (or Assigned to)

anyone monitoring the issue

anyone who has ever added a issue note the issue

anyone assigned to the project whose access level matches a range

From this list, those recipients who meet the following criteria are eliminated:

the originator of the change, if $g_email_receive_own is OFF

the recipient either no longer exists, or is disabled

the recipient has turned their email_on_<new status> preference OFF

the recipient has no email address entered

The matrix on this page selects who will receive messages for each of the events listed down the left hand side. The first four columns correspond to the first four points listed above. The next columns correspond to the access levels defined. Note that because a minimum and maximum threshold are used, a discontinuous selection is not allowed.

The monitor issues feature allows users to subscribe to certain issues and hence get copied on all notification emails that are sent for these issues.Depending on the configuration, sending a reminder to a user about an issue can add this issue to the user's list of monitored issues. Users who reported the issue or are assigned the issue typically don't need to monitor the issue to get the notifications. This is because by default they get notified on changes related to the issue anyway. However, administrators can change the configuration to disable notifications to reporters or handlers in specific scenarios.

Re-open issue button is visible in the issue view pages if the user has the appropriate access level and the issue is resolved/closed. Re-opening a issue will allow users to enter issue notes for the re-opening reason. The issue will automatically be put into the Feedback status.

The delete issues button appears on the issue view pages for the users who have the appropriate access level. This allows you to delete an existing issue. This should only be used on frivolous or test issues. A confirmation screen will prompt you if you really want to delete the issue. Updaters, Developers, Managers, and Administrators can remove issues (you can also configure this).

This is a button that appears on the issue view pages for users that are authorized to close issues. Depending on the configuration, users may be able to close issues without having to resolve them first, or may be able to only close resolved issues. After the button is clicked, the user is redirected to a page where an issue note maybe added.

This option on the View Issues page allows you to resolve the issue. It will lead you to a page where you can set the resolution state and a duplicate id (if applicable). After choosing that the user can choose to enter an issue note detailing the reason for the closure. The issue is then set to the Resolved state. The reporter should check off on the issue by using the Close Issue button.

MantisBT supports news syndication using RSS v2.0 protocol. MantisBT also supports authenticated news feeds for private projects or installations where anonymous access is not enabled. Authenticated feeds takes a user name and a key token that are used to authenticate the user and generate the feed results in the context of the user's access rights (i.e. the same as what the user would see if they were to logged into MantisBT).To get access to the News RSS as anonymous user, visit the following page: http://www.example.com/mantisbt/news_rss.php While a user is logged in, the RSS links provided in the UI will always provide links to the authenticated feeds, if no user is logged in (i.e. anonymous), then anonymous links will be provided.

All strings used in MantisBT, including those defined in plugins, can be customized or translated differently. This is achieved by overriding them in the Custom Strings File (in config/custom_strings_inc.php), which is automatically detected and included by MantisBT code.

Defining custom strings here provides a simple upgrade path, and avoids having to re-do the changes when upgrading to the next release.

Note

The standard MantisBT language strings are sometimes reused in different contexts. If you are planning to override some strings to meet your specific requirements, make sure to analyze where they are used to avoids unexpected issues.

NEVER call lang_get_current() from the Custom Strings File, as doing so will reset the active_language, causing the code to return incorrect translations if the default language is different from English. Always use the $g_active_language global variable instead.

Different teams typically like to capture different information as users report issues, in some cases, the data required is even different from one project to another. Hence, MantisBT provides the ability for managers and administrators to define custom fields as way to extend MantisBT to deal with information that is specific to their teams or their projects. The aim is for this to keep MantisBT native fields to a minimum. Following are some facts about the implementation of custom fields in MantisBT:

Custom fields are defined system wide.

Custom fields can be linked to multiple projects.

The sequence of displaying custom fields can be different per project.

Custom fields must be defined by users with access level ADMINISTRATOR.

Custom fields can be linked to projects by users with access level MANAGER or above (by default, this can be configurable).

Number of custom fields is not restricted.

Users can define filters that include custom fields.

Custom fields can be included in View Issues, Print Issues, and CSV exports.

Enumeration custom fields can have a set of static values or values that are calculated dynamically based on a custom function.

Type 'enumeration' is used when a user selects one entry from a list. The user interface for such type is a combo-box.

Type 'email' is used for storing email addresses.

Type 'checkbox' is like enumeration but the list is shown as checkboxes and the user is allowed to tick more than one selection. The default value and the possible value can contain multiple values like 'RED|YELLOW|BLUE' (without the single quote).

Type 'radio' is like enumeration but the list is shown as radio buttons and the user is allowed to tick on of the options. The possible values can be 'RED|YELLOW|BLUE', where the default value can be 'YELLOW'. Note that the default value can't contain multiple values.

Type 'list' is like enumeration but the list is shown as a list box where the user is only allowed to select one option. The possible values can be 'RED|YELLOW|BLUE', where the default value can be 'YELLOW'. Note that the default value can't contain multiple values.

Type 'multi-selection list' is like enumeration but the list is shown as a list box where the user is allowed to select multiple options. The possible values can be 'RED|YELLOW|BLUE', where the default value can be 'RED|BLUE'. Note that in this case the default value contains multiple values.

Enumeration possible values (eg: RED|YELLOW|BLUE). Use the pipe ('|') character to separate possible values for an enumeration. One of the possible values can be an empty string. The set of possible values can also be calculated at runtime. For example, "=versions" would automatically resolve into all the versions defined for the current project.

Default value - see details above for a sample default value for each type.

Minimum/maximum length for the custom field value (use 0 to disable). Note that these metrics are not really relevant to custom fields that are based on an enumeration of possible values.

The logged in user needs to have access level that is greater than or equal to $g_custom_field_link_threshold and $g_manage_project_threshold.

Select "Manage" from the main menu.

Select "Manage Projects".

Select the name of the project to manage.

Scroll down to the "Custom Fields" box.

Select the field to add from the list, then click "Add This Existing Custom Field".

To change the order of the custom fields, edit the "Sequence" value and click update. Custom fields with smaller values are displayed first.

To unlink a custom field, click on "Remove" link next to the field. Unlinking a custom field will not delete the values that are associated with the issues for this field. These values are only deleted if the custom field definition is removed (not unlinked!) from the database. This is useful if you decide to re-link the custom field. These values may also re-appear if issues are moved to another project which has this field linked.

Moving Issues

When an issue is moved from one project to another, custom fields that are not defined for the new project are not deleted. These fields will re-appear with their correct values if the issue is moved back to the original project, or if these custom fields are linked to the new project.

Had we decided to use start_date as the custom field's name, then it would not have been necessary to modify the Custom Strings File (see Section 7.1, “Strings / Translations”), since MantisBT would have used the existing, already localized string from the standard language files. To check for standard strings, inspect lang/strings_english.txt.

Custom fields of type date can be defaulted to either specific or relative dates. Typically, relative dates is the scenario that makes sense in most of the cases.

The format for specific dates is an integer which indicates the number of seconds since the Unix Epoch (January 1 1970 00:00:00 UTC), which is the format consumed by the PHP date() method.

The relative scenario expects default values like {tomorrow}, {yesterday}, {+2 days}, {-3 days}, {next week}, etc. The curly brackets indicate that this is a logical value which is then evaluated using the PHP strtotime() function.

As discussed earlier, one of the possible types of a custom field is "enumeration". This type of custom field allows the user to select one value from a provided list of possible values. The standard way of defining such custom fields is to provide a '|' separated list of possible values. However, this approach has two limitations: the list is static, and the maximum length of the list must be no longer than 255 characters. Hence, the need for the ability to construct the list of possible values dynamically.

If the user selects =versions, the actual custom function that is executed is custom_function_*_enum_versions(). The reason why the "enum_" is not included is to have a fixed prefix for all custom functions used for this purpose and protect against users using custom functions that were not intended for this purpose. For example, you don't want the user to use custom_function_*_issue_delete_notify() which may be overridden by the web master to delete associated data in other databases.

Following is a sample custom function that is used to populate a field with the categories belonging to the currently selected project:

Notice "override" in the function name. This is because this method is defined by the MantisBT administrator/webmaster and not part of the MantisBT source. It is OK to override a method that doesn't exist.

As usual, when MantisBT is upgraded to future releases, the custom functions will not be overwritten. The difference between the "default" implementation and the "override" implementation is explained in more details in the custom functions section.

Enumerations are used in MantisBT to represent a set of possible values for an attribute. Enumerations are used for access levels, severities, priorities, project statuses, project view state, reproducibility, resolution, ETA, and projection. MantisBT provides the administrator with the flexibility of altering the values in these enumerations. The rest of this topic explains how enumerations work, and then how they can be customised.

How do enumerations work?

core/constant_inc.php defines the constants that correspond to those in the enumeration. These are useful to refer to these enumerations in the configs and the code.

config_defaults_inc.php includes the defaults for the enumerations. The configuration options that are defaulted here are used in specifying which enumerations are active and should be used in MantisBT.

The strings included in the enumerations here are just for documentation purposes, they are not actually shown to the user (due to the need for localisation). Hence, if an entry in this enumeration is not found in the corresponding localised string (i.e. 70:manager), then it will be printed to the user as @70@.

The Language Files (e.g. lang/strings_german.txt) provide the localised strings (German in this case) for enumerations. But again, the master list is the enumeration in the configs themselves, the ones in the language files are just used for finding the localised equivalent for an entry. Hence, if a user changes the config to have only two types of users developers and administrators, then only those will be prompted to the users even if the enumerations in the language files still includes the full list.

The file config/custom_constants_inc.php is supported for the exclusive purpose of allowing administrators to define their own constants while maintaining a simple upgrade path for future releases of MantisBT. Note that this file is not distributed with MantisBT and you will need to create it if you need such customisation. In our example, we need to define a constant for the new access level.

We don't need to remove the Updater entry from the localisation file if the current language is 'English'.

Conclusion

We have covered how enumerations work in general, and how to customise one of them. If you are interested in customising other enumerations, a good starting point would be to go to MantisBT Enum Strings section in config_defaults_inc.php. This section defines all enumerations that are used by MantisBT.

Note that the key in the $g_status_colors array must be equal to the value defined for the new status code in $g_status_enum_string.

Define the required translation strings for the new status, for each language used in the installation.

s_status_enum_string: status codes translation (refer to the original language strings for standard values)

s_XXXX_bug_title: title displayed in the change status page

s_XXXX_bug_button: label for the submit button in the change status page

s_email_notification_title_for_status_bug_XXXX: title for notification e-mails

where XXXX is the name of the new status as it was defined in g_status_enum_string above. If XXXX contains spaces, they should be replaced by underscores in the language strings names (e.g. for '35:pending user', use '$s_pending_user_bug_button')

If you do not perform this step and have existing workflow definitions, it will not be possible to transition to and from your new status.

Go to the Workflow Transitions page (manage_config_workflow_page.php), and update the workflow as appropriate. Make sure that you have picked the correct Project in the selection list).

Hint: to identify whether you have any workflows that should be updated, open the Manage Configuration Report page (adm_config_report.php) and filter on 'All Users', [any] project and config option = 'status_enum_workflow'. All of the listed projects should be reviewed to eventually include transitions to and from the newly added states.

Custom functions are used to extend the functionality of MantisBT by integrating user-written functions into the issue processing at strategic places. This allows the system administrator to change the functionality without touching MantisBT's core.

Default Custom Functions are defined in the API file core/custom_function_api.php , and are named custom_function_default_descriptive_name, where descriptive_name describes the particular function. See Section 7.6.1, “Default Custom Functions” for a description of the specific functions.

User versions of these functions (overrides) are named like custom_function_override_descriptive_name, and placed in a file called custom_functions_inc.php that must be saved in MantisBT's config directory. In normal processing, the system will look for override functions and execute them instead of the provided default functions.

The simplest way to create a custom function is to copy the default one from the api to your override file (custom_functions_inc.php), and rename it (i.e. replacing 'default' by 'override'). The specific functionality you need can then be coded into the override function.

MantisBT supports several authentication methods out of the box. In addition, there is work in progress relating to supporting authentication plug-ins. Once these are implemented, authentication against any protocol or repository of user names and passwords will be possible without having to touch MantisBT core code.

It is important to note that MantisBT does not yet support hybrid authentication scenarios. For example, internal staff authenticating against LDAP while customers authenticate against the MantisBT database with MD5 hash.

When MantisBT is configured to use basic auth, it automatically detects the logged in user and checks if they are already registered in MantisBT, if not, then a new account is automatically created for the username.

The password length is limited to the size of the underlying database field (DB_FIELD_SIZE_PASSWORD constant), currently 32 characters.

The following methods of authentication are deprecated, and supported for backwards-compatibility reasons only. It is strongly recommended to update MantisBT installations relying on these to use Section 8.1, “Standard Authentication” instead.

Deprecated values for $g_login_method:

CRYPT

CRYPT_FULL_SALT

PLAIN

With CRYPT-based methods, the password's length is limited as per Standard Authentication. With PLAIN, its size is restricted as for Basic Authentication.

This error may only occur when Form Validation is enabled with $g_form_security_validation = ON (see Section 5.4, “Webserver”). There are several known cases that could trigger it:

Multiple submissions of a form by clicking on the submit button several times (user error)

Invalid or unauthorized submission of a form, e.g. by hand-crafting the URL (CSRF attack)

Expired PHP session

In the first two instances, MantisBT's behavior is by design, and the response as expected. For expired sessions however, the user is impacted by system behavior, which could not only cause confusion, but also potential loss of submitted form data. What happens is driven by several php.ini configuration settings:

With PHP default values, sessions created more than 1440 seconds (24 minutes) ago have a 1% chance to be invalidated each time a new session is initialized. This explains the seemingly random occurrence of this error.

Unfortunately, this problem cannot be fixed without a major rework of the way sessions and form security are handled in MantisBT.

MantisBT doesn't just track the status of issues, it also relates issues to versions. Each project can have several versions, which are marked with attributes like released and obsolete. Users typically report issues against released issues and developers typically fix issues in not released versions. With every new release comes question like: what's new? what has been fixed? Customers wonder if the new release is of interest to them and whether they should take an upgrade. Well, the change log is specifically tailored to answer these kind of questions.

In order for an issue to show up in the change log, it has to satisfy certain criteria. The criteria is that the issue has to be resolved with a 'fixed' resolution and has to have the 'fixed_in_version' field set. Users sometimes wonder why resolved or closed issues don't show up in the change log, and the answer is that the 'fixed_in_version' field is not set. Without the 'fixed_in_version', it is not possible for MantisBT to include the issues in the appropriate section of the changelog. Note that it is possible to set the 'fixed_in_version' for multiple issues using the 'Update Fixed in Version' group action on the View Issues page (just below the issues list). This option is only available when the selected project is not 'All Projects'. Once a version is marked as obsolete, it is now longer included in the change log.

MantisBT also provides the ability to customize the criteria used for an issue to be included in the change log. For example, for installations that use a custom set of resolutions, it is possible to select multiple resolutions as valid candidates for the change log. This can be done using custom functions (see custom functions documentation for more details). The custom function below overrides the MantisBT default behavior to include issues with both FIXED and IMPLEMENTED (a custom resolution) resolutions in the change log.

By combining both customization features, it is also possible to do more advanced customization scenarios. For example, users can add a 'ChangelogSummary' custom field and include all issues that have such field in the change log. Through customizing what information being included for a qualifying issue, users can also include the 'ChangelogSummary' text rather than the native summary field.

In some cases, users know that they fixed an issue and that the fix will be included in the next release, however, they don't know yet the name of the release. In such case, the recommended approach is to always have a version defined that corresponds to the next release, which is typically called 'Next Release'. Once the release is cut and has a concrete name, then 'Next Release' can be renamed to the appropriate name and a new 'Next Release' can then be created. For teams that manage releases from multiple branches for the same project, then more than one next release can be possible. For example, 'Next Dev Release' and 'Next Stable Release'.

Another common requirement is to be able to link to the change log of a specific project from the project's main website. There is a variety of ways to do that:

To link to the changelog of all non-obsolete versions of project 'myproject':

http://www.example.com/mantisbt/changelog_page.php?project=myproject

To link to the changelog of project with id 1. The project id can be figured out by going to the management page for the project and getting the value of project_id field form the URL.

http://www.example.com/mantisbt/changelog_page.php?project_id=1

To link to the changelog of version with id 1. The version id is unique across all projects and hence in this case it is not necessary to include the project id/name. The version id can be figured out by going to the manage project page and editing the required version. The version_id will be included in the URL.

http://www.example.com/mantisbt/changelog_page.php?version_id=1

Another approach is to go to the project page and from there users can get to multiple other locations relating to the project include the change log. This can be done by a URL like the following:

http://www.example.com/mantisbt/project_page.php?project_id=1

It is possible to customize the access level required for viewing the change log page. This can be done using the $g_view_changelog_threshold configuration option.

One of the very important scenarios in project management is where the project managers (or team leads) triage the issues to set their priorities, target version, and possibly assign the issues to specific developers or take other actions on the issue. By setting the target version of an issue to a version that is not yet released, the issue shows up on the project roadmap, providing user with information about when to expect the issues to be resolved. The roadmap page has a section for each release showing information like planned issues, issues done and percentage of issues completed. Issues that are fixed in a specific version, but didn't have the target_version field set, will not show up in the roadmap. This allows the ability to control the issues that are significant enough to show in the roadmap, while all resolved fields can be found in the change log. Note that it is possible to set the 'target_version' for multiple issues using the 'Update Target Version' group action that is available through the View Issues page (below the issues list). This option is only available when the current project is not 'All Projects'. Although it is not a typical scenario, it is worth mentioning that once a version is marked as obsolete, it is not included in the roadmap.

Note that the roadmap only includes future versions, once a version is marked as released, it no longer is included in the roadmap. For information about such releases, the change log feature should be used. For an issue to be shown on the roadmap, it has to have the target version set. It does not matter whether the feature is resolved or not. Resolved features will be decorated with a strikethrough and will be counted as done.

MantisBT provides the ability to customize the criteria for issues to show up on the roadmap. The default criteria is that the issue has to belong to a version that is not yet released and that the issues is not a duplicate. However, such criteria can be customized by using custom functions as below.

​​<?php​# --------------------​# Checks the provided bug and determines whether it should be included in the roadmap or not.​# returns true: to include, false: to exclude.​function custom_function_override_roadmap_include_issue($p_issue_id) {
​return( true );​}

It is also possible to customize the details included about an issues and the presentation of such details. This can be done through the following custom function:

Some teams manage different branches for each of their projects (e.g. development and maintenance branches). As part of triaging the issue, they may decide that an issue should be targeted to multiple branches. Hence, frequently the request comes up to be able to target a single issue to multiple releases. The current MantisBT approach is that an issues represents an implementation or a fix for an issue on a specific branch. Since sometimes applying and verifying a fix to the two branches does not happen at the same time and in some cases the approach for fixing an issue is different based on the branch. Hence, the way to manage such scenario is to have the main issue for the initial fix and have related issues which capture the work relating to applying the fix to other branches. The issues for porting the fix can contain any discussions relating to progress, reflect the appropriate status and can go through the standard workflow process independent of the original issues.

Another common requirement is to be able to link to the roadmap of a specific project from the project's main website. There is a variety of ways to do that:

To link to the roadmap of all non-obsolete versions of project 'myproject':

http://www.example.com/mantisbt/roadmap_page.php?project=myproject

To link to the roadmap of project with id 1. The project id can be figured out by going to the management page for the project and getting the value of project_id field form the URL.

http://www.example.com/mantisbt/roadmap_page.php?project_id=1

To link to the roadmap of version with id 1. The version id is unique across all projects and hence in this case it is not necessary to include the project id/name. The version id can be figured out by going to the manage project page and editing the required version. The version_id will be included in the URL.

http://www.example.com/mantisbt/roadmap_page.php?version_id=1

Another approach is to go to the project page and from there users can get to multiple other locations relating to the project include the roadmap. This can be done by a URL like the following:

http://www.example.com/mantisbt/project_page.php?project_id=1

The access level required to view and modify the roadmap can be configured through $g_roadmap_view_threshold and $g_roadmap_update_threshold respectively. Modifying the roadmap is the ability to set the target versions for issues. Users who have such access can set the target versions while reporting new issues or by updating existing issues.

One of the greatest ways to contribute to MantisBT is to contribute your talent and time. For MantisBT to keep growing we need such support in all areas related to the software development cycle. This includes: business analysts, developers, web designers, graphics designers, technical writers, globalization developers, translators, testers, super users, packagers and active users. If you would like to contribute in any of these capacities please contact us through the "Contact Us" page.

It feels great when we get feedback from the user community about how MantisBT boosted their productivity, and benefited their organization. A lot of the feedback I get is via email, some on mailing lists, and some on forums. I would encourage such users to blog about it, tell their friends about MantisBT, and recommend MantisBT to other organizations. MantisBT is driven by it's community, the greater the community, the greater the ideas, the greater of a product it becomes.

If you have a blog, then talk about MantisBT, review it's features and help us spread the word. A lot of users also like to blog about how they customized MantisBT to fit their needs or to integrate with other tools that they use in their work environment.

If you have a product that can be integrated with MantisBT to provide value for MantisBT users, that would be a great place to contribute and benefit both your project's and the MantisBT community.

A great example in this area are integrations with content management systems (e.g. *Nuke, Xoops), project management (PHPProjekt), and TestLink for Test Management. MantisBT can easily be integrated with projects in any programming language whether it is hosted on the same webserver or anywhere else in the world. This can be achieved through its SOAP API and MantisConnect client libraries. MantisConnect comes with client libraries and samples in languages like PHP, .NET, Java and Cocoa.